senior-fullstack
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were identified in the provided skill documentation or configuration files.
- [COMMAND_EXECUTION]: The skill documentation references the execution of local Python utility scripts for tasks such as scaffolding and code analysis (e.g., scripts/project_scaffolder.py). These are standard administrative functions for this skill's stated purpose.
- [EXTERNAL_DOWNLOADS]: Instructions for installing dependencies using standard package managers ('npm install', 'pip install -r requirements.txt') are included. No untrusted or malicious external download sources are referenced.
- [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection as it processes project code and directories.
  1. Ingestion points: Analyzes files at a user-provided target path via the project scaffolder and analyzer scripts.
  2. Boundary markers: None documented.
  3. Capability inventory: Execution of Python scripts and deployment commands (Docker, kubectl).
  4. Sanitization: None documented in the skill instructions.
Audit Metadata