NYC

site-reliability-engineer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill provides commands for destructive file system operations such as 'rm -rf .docusaurus build' and automated setup via 'npm run install-hooks'. These are standard SRE practices for cache clearing and pre-commit hook configuration and are considered safe within the context of the skill's primary purpose.
  • [EXTERNAL_DOWNLOADS] (LOW): The validation scripts rely on the 'glob' Node.js package. The presence of external dependencies introduces a minor risk related to package supply chains.
  • [PROMPT_INJECTION] (LOW): The skill possesses an indirect prompt injection surface.
      1. Ingestion points: Validation scripts like 'scripts/validate-liquid.js' read and parse untrusted Markdown and MDX files from the filesystem.
      2. Boundary markers: The scripts use context-aware logic to skip code blocks but do not provide the agent with explicit instructions to ignore instructions embedded in the file data.
      3. Capability inventory: The skill is permitted to use 'Bash', 'Write', and 'Edit' tools, which could be exploited if an agent is manipulated by instructions found in the ingested files.
      4. Sanitization: No sanitization is performed on the content of the files being validated.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:00 PM