python-async-workers
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW
Full Analysis
- [SAFE] (SAFE): Detailed inspection of the skill instructions and code templates reveals no malicious behavior, prompt injection markers, or obfuscation techniques.
- [COMMAND_EXECUTION] (INFO): The skill is granted 'Bash' tool permissions. While this is a high-privilege capability that allows shell command execution, it is consistent with the skill's purpose of setting up and managing background worker environments.
- [DATA_EXPOSURE] (INFO): The skill references 'app/core/config.py' for sharing configuration. This is standard practice, but since configuration files often contain secrets, the agent's 'Read' access to this path should be monitored to prevent accidental data leakage.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill guides the agent in generating code based on external requirements for background tasks. This presents a potential injection surface if the requirements are sourced from untrusted third parties, though the architectural patterns provided (idempotency, centralized services) serve as partial logic-level mitigations.
Audit Metadata