replacing-text
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE] (SAFE): The skill consists entirely of Markdown documentation (SKILL.md and reference/sd-guide.md). No executable scripts (.sh, .py, .js), binaries, or configuration files for automated execution are included.
- [COMMAND_EXECUTION] (SAFE): Examples provided in the documentation use standard, well-known CLI tools (sd, fd, ripgrep, jq, git) for their intended purposes in a software development workflow. There are no signs of command obfuscation or suspicious shell patterns.
- [PROMPT_INJECTION] (SAFE): The skill describes processing untrusted text data, which represents a surface for indirect prompt injection. Ingestion points: generic text files and command pipelines; Boundary markers: absent; Capability inventory: file replacement (sd) and version control (git); Sanitization: absent (standard CLI behavior).
- [DATA_EXPOSURE] (SAFE): The documentation does not reference sensitive file paths, environment variables, or hardcoded credentials. All examples use generic filenames such as 'file.txt' and 'config.json'.
Audit Metadata