write-skill
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): The repository consists of templates and instructional material designed to standardize skill development. No malicious prompt injection or obfuscated code was found.\n- SECURITY_GOVERNANCE (SAFE): The inclusion of
references/security-and-governance.mddemonstrates a security-first approach, providing checklists for script safety, tool restrictions, and human-in-the-loop requirements for high-stakes actions.\n- LOCAL_VALIDATION (SAFE): Thescripts/validate_skill_dir.tsutility is a diagnostic tool for linting skill metadata and structure. It uses standard file system APIs and performs no network operations or data exfiltration.\n- INDIRECT_PROMPT_INJECTION (SAFE): While templates likeSKILL.fork-task.template.mddefine surfaces for argument ingestion, they are for developer use in building specific skills. The templates themselves do not provide an active attack surface or bypass safety guardrails.
Audit Metadata