Skills
skills/duc01226/easyplatform/ai-dev-tools-sync/Gen Agent Trust Hub

ai-dev-tools-sync

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill processes instructions from external configuration files and web search results, which introduces a surface for indirect prompt injection.
  • Ingestion points: Reads project-level configuration files including CLAUDE.md, .github/common.copilot-instructions.md, and .github/workspace.copilot-instructions.md, as well as web search results for tool features.
  • Boundary markers: No explicit delimiters are used to separate untrusted file content from the agent's primary instructions.
  • Capability inventory: The skill utilizes task planning (TaskCreate), file reading/writing, and web search capabilities.
  • Sanitization: No automated sanitization is performed, though the skill explicitly instructs the agent to 'Be skeptical' and require 'traced proof' for every claim.
  • [EXTERNAL_DOWNLOADS]: The skill references official documentation and resources from well-known services and trusted organizations.
  • Evidence: Links to docs.github.com, code.visualstudio.com, and the official GitHub awesome-copilot repository are provided for feature research.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 7, 2026, 02:35 PM