svelte5-runes
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- Overall Assessment (SAFE): The skill is entirely composed of informational content and documentation. There are no executable scripts (
.sh,.js,.py) or configuration files that trigger system-level actions. - Prompt Injection (SAFE): No malicious instructions were found. The skill and associated agent (
runes-expert.md) are focused on technical guidance for Svelte 5 without attempting to bypass safety filters or extract system prompts. - Data Exposure & Exfiltration (SAFE): There are no references to sensitive file paths, environment variables, or hardcoded credentials. No network operations (
curl,fetch, etc.) are present in any of the files. - Unverifiable Dependencies (SAFE): The skill does not define any external dependencies in
package.jsonor other package manifests. It is a 'no-code' skill providing only documentation and LLM instructions. - Obfuscation (SAFE): Analysis of the text across all files revealed no hidden Unicode characters, Base64-encoded payloads, or homoglyphs.
- Indirect Prompt Injection (LOW): As a guidance skill, it is designed to ingest and analyze user-provided Svelte code. While this is a potential ingestion point for untrusted data, the skill lacks any capabilities (such as file-writing, shell execution, or network access) that could be exploited via indirect injection. The severity is negligible.
Audit Metadata