configure-all
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [DYNAMIC_CONTEXT_INJECTION]: The skill uses platform-specific command substitution in SKILL.md to gather project context (e.g., finding project indicators like package.json or grep-ing a standards version) during the loading phase. These commands are benign, hardcoded, and do not process user input or access sensitive data.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests local project data to guide its auditing logic. 1. Ingestion points: .project-standards.yaml, package.json, pyproject.toml, and Cargo.toml. 2. Boundary markers: Absent. 3. Capability inventory: Bash, Write, Edit, and SlashCommand tools. 4. Sanitization: None; the skill maps detected project types to a fixed set of pre-defined internal slash-commands rather than interpreting instructions from the file content.
Audit Metadata