write-coding-standards-from-file
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches reference style guides from a large set of well-known domains and official organizations, including Microsoft, Google, GitHub, and language-specific foundations (Python.org, Rust-lang.org, etc.) when the fetchStyleURL option is enabled.
- [COMMAND_EXECUTION]: Instructs the agent to perform file system operations, such as creating new documentation files (e.g., CONTRIBUTING.md, STYLE.md) or appending data to the project's README.md file.
- [COMMAND_EXECUTION]: Provides logic for the agent to modify source code files to fix syntax inconsistencies (indentation, naming, etc.) discovered during the analysis phase.
- [PROMPT_INJECTION]: The skill ingests content from external files (fileName/folderName) and an optional instructions parameter. This represents a surface for indirect prompt injection, as the agent processes these inputs to determine formatting rules. Evidence: Ingestion points (fileName, folderName, instructions); Boundary markers (None); Capability inventory (File read, file write, network fetch); Sanitization (None).
- [PROMPT_INJECTION]: Includes a configuration override mechanism where any variable name passed in the prompt can override the skill's default behavior, giving the user direct control over parameters like file modification and external fetching.