skills/mindfold-ai/trellis/before-dev/Gen Agent Trust Hub

before-dev

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script ./.trellis/scripts/get_context.py to discover available packages. This is a standard developer workflow operation.
  • [PROMPT_INJECTION]: The skill ingests untrusted content from local specification files (e.g., .trellis/spec/index.md) and injects it into the agent's context, creating a surface for indirect prompt injection.
      • Ingestion points: Specification files located in .trellis/spec/ and its subdirectories.
      • Boundary markers: None identified; documentation content is read and integrated directly into the prompt context.
      • Capability inventory: The agent can execute local Python scripts and read arbitrary local files from the filesystem.
      • Sanitization: No validation or sanitization of ingested content is performed before injection into the prompt context.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 26, 2026, 08:33 AM