skill-developer
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The documentation describes a system that executes local shell scripts and TypeScript files (e.g., `skill-activation-prompt.sh` via `npx tsx`) during the prompt and tool-use lifecycle.
- DATA_EXFILTRATION (LOW): The framework reads and processes user prompts and project file contents to perform trigger pattern matching, accessing potentially sensitive data.
- PROMPT_INJECTION (LOW): The system defines a mechanism to inject block messages into the LLM context via stderr, which constitutes an indirect prompt injection surface. Evidence: 1. Ingestion points: User prompts and file content; 2. Boundary markers: Absent; 3. Capability inventory: Tool blocking and prompt injection; 4. Sanitization: Absent.
Audit Metadata