slash-command-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The documentation describes the use of bash execution ([execute: ]) as a core feature. It explicitly warns against destructive commands (e.g., 'rm -rf') and provides detailed instructions on how to use frontmatter to restrict bash tool permissions to specific operations (e.g., 'Bash(git:*)').
- [EXTERNAL_DOWNLOADS] (SAFE): Examples within the troubleshooting and best practices guides mention tools like 'npm', 'pip', and 'npx' for tasks such as dependency checking and testing. These are presented as educational examples for development workflows and do not constitute malicious or hidden downloads.
- [DATA_EXFILTRATION] (SAFE): While the system supports reading files via the '@' prefix for context, the documentation does not contain any patterns for sending sensitive information to external domains.
- [PROMPT_INJECTION] (SAFE): The templates provide placeholders for user input ($ARGUMENTS), but the documentation itself contains no instructions that attempt to bypass AI safety filters or override system behavior maliciously.
Audit Metadata