site-reliability-engineer
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes external markdown and MDX files which creates an attack surface for indirect prompt injection. Ingestion points: Documentation files located at website/docs/**/*.md are read and processed by validation scripts. Boundary markers: The validation logic lacks explicit delimiters or instructions to ignore embedded commands. Capability inventory: The skill uses Read, Write, Edit, and Bash tools. Sanitization: The scripts perform regex-based detection but do not sanitize content for agent instructions.
- [COMMAND_EXECUTION]: The skill documentation describes using npm run commands for installing git hooks and running validation scripts. It also suggests using chmod +x for script execution permissions.
- [EXTERNAL_DOWNLOADS]: The CI/CD integration reference documents the use of official GitHub Actions (checkout, setup-node, upload-artifact) to automate health checks.
Audit Metadata