skills/ilamanov/skills/agent-bridge/Gen Agent Trust Hub

agent-bridge

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: No malicious override patterns, role-play instructions, or safety bypass attempts were detected. The instructions are focused on providing a structured developer workflow.
  • [DATA_EXFILTRATION]: No unauthorized data access or external transmission patterns were identified. The skill operates on the local codebase and focuses on creating local documentation and API endpoints.
  • [REMOTE_CODE_EXECUTION]: The skill does not contain patterns for downloading or executing remote scripts. It guides the agent to modify the local codebase to implement specific security features.
  • [COMMAND_EXECUTION]: While the skill involves scanning the codebase and modifying files, these are intended actions within the developer's environment. It explicitly instructs the agent to ask for permission before adding infrastructure or persistence layers.
  • [INDIRECT_PROMPT_INJECTION]: The skill has a potential attack surface in Step 1, when it scans the codebase for actions. If the codebase contains malicious instructions in comments or metadata, the agent might interpret them as instructions. However, the required interactive interview with the user and the structured approval process in the review layer (Step 2) act as strong mitigations. (Severity: LOW).
  • [SAFE]: The skill implements and recommends several security best practices, including feature flags, secret-based authentication for local endpoints, and environment checks to prevent execution in production.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 08:00 PM