software-architecture
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOWEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill contains a 'Library-First Approach' directive requiring the agent to 'ALWAYS search for existing solutions' on npm and consider third-party APIs/SaaS before writing custom code. While this aligns with standard software engineering practices, it creates a potential attack surface where the agent might select malicious, typosquatted, or vulnerable packages if it is tasked with automated development or dependency management.
- [NO_CODE] (INFO): The skill is purely instructional and does not contain any executable scripts, shell commands, or network logic, which significantly reduces the immediate risk profile.
- [PROMPT_INJECTION] (INFO): The instructions use strong imperative language ('ALWAYS', 'MUST', 'Do NOT') to shape agent behavior. While these are used for architectural standards, the same pattern could be used to override default agent behaviors if modified by an attacker.
Audit Metadata