next-step
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [SAFE]: The skill defines a structured, logical workflow for resuming development work and contains no indicators of malicious intent or behavior.
- [NO_CODE]: This skill consists entirely of markdown-based instructions and does not include any scripts, binaries, or automated package installations.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it instructs the agent to read potentially untrusted content from the codebase (e.g., TODOs, comments).
  - Ingestion points: Codebase, documentation, task lists, and recent edits (SKILL.md).
  - Boundary markers: Absent.
  - Capability inventory: File system writes and execution of verification tools.
  - Sanitization: Not specified in the instructions.
  - Note: This represents a standard risk for coding assistants; the skill's own logic is safe.
Audit Metadata