s-develop
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW
Full Analysis
- SAFE (SAFE): No malicious patterns, prompt injection, or data exfiltration vectors were detected. The skill focuses on educational Lua patterns for the WoW API.
- External Library Management (INFO): The skill utilizes a CLI-based workflow (
mech call libs.sync) for managing Ace3 libraries. This is a standard development practice and does not involve arbitrary remote code execution. - Indirect Prompt Injection Surface (LOW): While the documentation provides examples for handling game events that ingest external data (e.g.,
CHAT_MSG_*), this is an inherent and expected feature of WoW addons. The risk is mitigated by the restricted environment of the WoW Lua sandbox. - Ingestion points:
CHAT_MSG_*andUNIT_AURAevents described inreferences/event-patterns.md. - Boundary markers: The guidance encourages the use of
pcallandnilchecks for API resilience. - Capability inventory: Manipulation of local UI frames and persistent storage via
SavedVariables. - Sanitization: Recommended patterns focus on data integrity and API safety rather than input sanitization.
Audit Metadata