commandkit-workflow
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill contains architectural guidance and code snippets for implementing the
@commandkit/workflowplugin. Analysis across all 10 threat categories revealed no malicious behavior, obfuscation, or unauthorized data access. - [DATA_EXPOSURE]: No sensitive file paths, hardcoded credentials, or unauthorized network operations were identified. The code snippets follow standard Discord bot implementation patterns using the CommandKit framework.
- [REMOTE_CODE_EXECUTION]: No remote code execution patterns, such as piping network content to a shell or using unsafe evaluation functions, were found.
- [PROMPT_INJECTION]: The skill instructions and metadata do not contain any patterns attempting to override agent behavior or bypass safety guidelines.
- [INDIRECT_PROMPT_INJECTION]: While the skill demonstrates handling interaction data (e.g., user IDs), it does not expose dangerous capabilities or ingest untrusted data in a way that would facilitate indirect injection attacks.
Audit Metadata