skill-developer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- No Code (SAFE): The submission contains only documentation files (.md). No executable scripts (.sh, .ts, .py) or configuration files were included for analysis.
- Indirect Prompt Injection (LOW): The documentation describes a system that ingests untrusted user prompts and file content to trigger agent behaviors via regex matching. While this represents a vulnerability surface, it is a design feature of the described guardrail system. Evidence Chain:
  1. Ingestion points: User prompts and file content via stdin (HOOK_MECHANISMS.md).
  2. Boundary markers: No delimiters or ignore instructions are specified for the regex processing.
  3. Capability inventory: Ability to block file edits (exit code 2) or inject context (stdout).
  4. Sanitization: No sanitization logic is mentioned in the documentation.