task-writer
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security vulnerabilities detected. The skill functions as a documentation and generation engine for the Mechanic automation platform. All examples of external data transmission (HTTP, FTP, Email) are provided as architectural patterns for Shopify developers and utilize placeholder domains (e.g., example.com).
- [PROMPT_INJECTION]: The skill uses instructional markers like 'CRITICAL' and '⚡' to emphasize technical requirements for the generated code (such as outputting JSON rather than raw Liquid), not to override safety guidelines or agent constraints.
- [CREDENTIALS_UNSAFE]: No hardcoded secrets were found. Documentation examples for API headers and authentication use placeholders like 'abc123' or Liquid variables representing user-provided options.
- [EXTERNAL_DOWNLOADS]: The skill references official resources for the platform, including the Mechanic task library and documentation sites (tasks.mechanic.dev, learn.mechanic.dev). These are legitimate vendor resources.
- [REMOTE_CODE_EXECUTION]: The skill generates Liquid templates which are executed within the Mechanic platform's sandboxed environment. There are no instructions for executing arbitrary code on the agent's host system.
Audit Metadata