skill-developer
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill implements a framework for contextual injection based on user prompts. Ingestion points: User prompts are processed by the UserPromptSubmit hook. Boundary markers: Recommended skills are delimited by visual banners in the agent's context. Capability inventory: The system utilizes local TypeScript and Python scripts for operational tasks. Sanitization: Prompt analysis is performed for intent categorization without modifying original instructions.
- [COMMAND_EXECUTION]: Execution is restricted to internal scripts (e.g., skill-activation-prompt.ts, validate_skill_references.py) required for skill lifecycle management.
- [DATA_EXFILTRATION]: No unauthorized data transmission patterns were found. The use of local .env files for API keys is a standard development practice.
- [REMOTE_CODE_EXECUTION]: The skill interacts with the trusted Anthropic API for intent analysis and does not execute code from unknown remote sources.
- [DATA_EXPOSURE]: Skill state and cache files are maintained locally within the project's .claude and .cache directories.
Audit Metadata