add-checkpoints
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized access attempts were identified. The skill operates on local directories to assist in development workflows.
- [COMMAND_EXECUTION]: The skill workflow involves executing a local script (
scripts/run-checkpoints.sh) to validate generated checkpoints. This is an intended function for development validation within the skill framework. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests and parses
SKILL.mdfiles from other skill directories to extract requirements. - Ingestion points: Target skill's
SKILL.md,references/, andscripts/folders. - Boundary markers: No explicit boundary markers or safety instructions for parsing untrusted markdown files were identified.
- Capability inventory: Capability to write YAML files and execute local validation scripts.
- Sanitization: No explicit sanitization or validation of the input skill content is mentioned.
Audit Metadata