create-composite
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, sensitive data exposure, or suspicious remote dependencies were identified. The skill's functionality is limited to providing structural templates for software development.
- [PROMPT_INJECTION]: The skill uses template interpolation for code generation (e.g.,
{Name},{operation},{leafBehavior}). This represents a surface for indirect prompt injection where malicious input could be inserted into the resulting source code. - Ingestion points: User-specified class names, operations, and behaviors are used to fill placeholders in
SKILL.mdandreferences/templates.md. - Boundary markers: No explicit markers or instructions to disregard embedded commands within inputs are provided.
- Capability inventory: The skill outlines the creation of PHP files in the
src/Domain/andtests/Unit/directories. - Sanitization: The skill does not implement or suggest sanitization for the strings provided to the placeholders, which is a common characteristic of template-based generation skills.
Audit Metadata