ivangrynenko-cursorrules-drupal
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- PROMPT_INJECTION (SAFE): No instructions were found that attempt to override agent behavior, bypass safety filters, or extract system prompts. The content is educational and focuses on security best practices.
- DATA_EXFILTRATION (SAFE): There are no commands or network operations that attempt to access sensitive system files or send data to external domains. The skill only contains patterns to help detect hardcoded credentials in the user's own code.
- REMOTE_CODE_EXECUTION (SAFE): No remote scripts or unverifiable dependencies are downloaded or executed. While the documentation mentions a sync script (
.claude/scripts/sync-ivan-rules.sh), the script itself is not included in the skill's operational flow, and the reference files are static markdown. - OBFUSCATION (SAFE): No encoded content, multi-layer Base64, zero-width characters, or homoglyphs were detected. All instructions and patterns are in plain, human-readable markdown.
- INDIRECT_PROMPT_INJECTION (LOW): The skill is designed to process untrusted data (user-provided PHP/Drupal code). While an attacker could theoretically embed malicious instructions in code comments to influence the agent during a security review, the skill's specific focus on regex-based enforcement checks and its lack of high-privilege tool capabilities make this a low-risk surface.
Audit Metadata