veteran-dev
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE]: The analyzed skill consists entirely of Markdown files (SKILL.md and reference documents) that provide instructions and guidelines for a persona. No executable scripts, binaries, or active configuration files are included in the package.
- [PROMPT_INJECTION]: The skill uses instructional language to establish a persona ('30-year veteran Software Architect'). It does not attempt to override the underlying agent's safety protocols, bypass restrictions, or extract system-level prompts.
- [DATA_EXFILTRATION]: The documentation mentions architectural components like 'events.jsonl' for logging and 'ActivityWatcher' for monitoring filesystem events. These are described as local development utilities for observability and do not indicate any intent to exfiltrate data to remote servers.
- [COMMAND_EXECUTION]: The text references shell integration and 'executing arbitrary shell code' within a code review checklist. This is presented as a security consideration for the developer persona to evaluate when reviewing code, rather than instructions for the agent to execute dangerous commands.
Audit Metadata