trellis-meta
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill consists entirely of 24 technical documentation files in Markdown format. No executable scripts, binaries, or active code components are provided within the skill package.
- [NO_CODE]: There are no functional programming scripts (Python, JavaScript, Shell) to execute. The content is purely informational, serving as a meta-skill to help an agent understand the Trellis system architecture.
- [SAFE]: Analysis of the documentation reveals no malicious intent or deceptive patterns. It describes a legitimate development workflow involving Git worktrees, automated testing loops (Ralph Loop), and context injection for specialized sub-agents.
- [SAFE]: Mentions of sensitive file names (e.g.,
.env,credentials.json,google-cloud-key.json) occur only within technical examples and configuration templates for Git worktree isolation. No actual credentials or secrets are hardcoded in the skill. - [SAFE]: The skill does not contain any prompt injection attacks, bypass instructions, or attempts to extract system prompts. The 'AI Instructions' sections provided in the meta-guides are functional constraints designed to maintain documentation quality and project isolation.
Audit Metadata