sdk-verify
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (SAFE): The TypeScript verifier prompt (verifier-ts.md) includes an instruction to run 'npx tsc --noEmit'. This is a standard non-destructive diagnostic command used to verify type safety in TypeScript projects.
- COMMAND_EXECUTION (SAFE): The Python verifier prompt (verifier-py.md) includes instructions to check 'pip list' for verifying package versions. This is a standard environment inspection command.
- PROMPT_INJECTION (SAFE): The skill is susceptible to Indirect Prompt Injection (Category 8) as it is designed to analyze untrusted application code. This is inherent to its primary purpose.
  - Ingestion points: Files like requirements.txt, package.json, and source code files within the target directory.
  - Boundary markers: Not explicitly defined in the prompts; the agent is instructed to read files directly.
  - Capability inventory: The agent can read files and execute diagnostic commands (tsc, pip).
  - Sanitization: No specific sanitization logic is provided; the skill relies on the LLM's own safety guardrails.
Audit Metadata