cto-playbook
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides a set of engineering best practices and security guidelines for an AI agent to follow. It encourages TDD, type safety, and observability.
- [EXTERNAL_DOWNLOADS]: The skill documentation recommends using
snyk-agent-scan, which is a security tool provided by Snyk, a well-known security service. This is documented neutrally as a recommended defensive practice for auditing external agent components. - [COMMAND_EXECUTION]: The skill contains instructional shell commands and CI/CD configuration snippets intended for the user or agent to use for security verification. These commands target reputable security tools and do not involve any hidden or autonomous execution of untrusted code.
- [PROMPT_INJECTION]: The skill uses persona-setting instructions ("You are operating as a world-class CTO") to guide the agent's behavior toward high engineering standards. It does not attempt to bypass the agent's core safety guidelines or ignore previous system instructions.
Audit Metadata