k-ecosystem
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW
Full Analysis
- SAFE (INFO): No security issues detected. The skill is a documentation-only resource that describes component relationships and tool usage for the Mechanic/Fen ecosystem.
- EXTERNAL_DOWNLOADS (INFO): The skill contains a reference to an external GitHub repository (github.com/Falkicon/afd) for documentation purposes. This is a non-executable link and does not pose a security risk in this context.
- INDIRECT_PROMPT_INJECTION (LOW): The skill describes an 'Agent-First Development' workflow where the agent reads output from external tools (addon.output). While this defines an ingestion surface for untrusted data, the skill itself provides no executable logic and maintains appropriate boundaries by requiring user interaction (the reload loop) before tool execution.
Audit Metadata