skill-developer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No patterns of instruction override or safety bypass were detected. The intent patterns defined in the documentation are for legitimate developer tasks such as feature creation and database work.
- Data Exposure & Exfiltration (SAFE): No credentials, secrets, or external network exfiltration patterns were found. The skill describes local session state management for tracking tool usage.
- Indirect Prompt Injection (LOW): The skill provides an interface for ingesting untrusted data.
  - Ingestion points: User prompts processed via the UserPromptSubmit hook and file contents read during the PreToolUse hook.
  - Boundary markers: No explicit boundary markers or sanitization are described in the configuration documentation.
  - Capability inventory: The system can inject context into the LLM prompt (stdout) and block tool execution (exit code 2).
  - Sanitization: Not documented within these files.
- Command Execution (SAFE): The documentation describes executing local scripts via 'npx tsx' as part of the hook architecture. This is a standard operational pattern for the target environment and does not involve downloading or executing remote code.