service-best-practice
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The skill contains standard instructional content for code architecture. There are no attempts to bypass safety filters, extract system prompts, or override agent behavior.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, API keys, or sensitive file paths were found. Code examples for external API integration (GitHub) follow standard patterns and do not involve unauthorized data access.
- [Remote Code Execution] (SAFE): The skill does not perform any remote script downloads, piped bash executions, or dynamic code evaluation.
- [Obfuscation] (SAFE): All content is provided in clear text. No Base64 encoding, zero-width characters, or homoglyphs were detected.
- [Privilege Escalation & Persistence] (SAFE): No commands involving sudo, chmod, or modification of system configuration files (e.g., .bashrc, cron) are present.
- [Indirect Prompt Injection] (LOW): While the skill involves processing and refactoring developer-provided code (an ingestion point), it promotes the use of Zod for strict input validation, which is a primary security best practice for sanitizing external data.
Audit Metadata