weed
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes the `allium check` command-line tool to validate the syntax of `.allium` files after modifications. This is a legitimate use of a local development tool for verification purposes.
- [DATA_EXPOSURE]: The skill reads project source code and specification files to compare them. This access is restricted to the local filesystem and is necessary for identifying drift between documentation and implementation.
- [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface for indirect injection as it processes untrusted project files and has write/execute capabilities.
  - Ingestion points: Reads `.allium` specification files and implementation source code.
  - Boundary markers: None specified to differentiate between file content and agent instructions.
  - Capability inventory: Includes the ability to write to project files and execute shell commands (`allium check`).
  - Sanitization: No sanitization or validation logic is present for the ingested file content.
- [SAFE]: The skill does not perform any network operations, use obfuscation, or attempt to access sensitive system files like credentials or SSH keys. All actions are scoped to the local project development environment.
Audit Metadata