project-agent-writer
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bundled Python script
scripts/init_agent.pyto generate agent definitions. The script uses standard libraries and performs safe string-based template replacement, avoiding dangerous dynamic execution functions. - [DATA_EXFILTRATION]: To ensure compatibility with project conventions, the skill identifies existing agents and integration points within the workspace. This data access is restricted to the local project environment and is essential for its primary function.
- [PROMPT_INJECTION]: The skill ingests user input to generate agent instructions. 1. Ingestion points: User problem descriptions provided in L1 are interpolated into templates. 2. Boundary markers: The skill implements a mandatory 'Validation' step in L4 and 'Quality Gates' in L6 to ensure human review and adherence to constraints. 3. Capability inventory: File creation via the
init_agent.pyscript. 4. Sanitization: Relies on structured template logic and a comprehensive test suite inevals/evals.jsonthat filters for injection, homoglyphs, and target pollution.
Audit Metadata