nodejs-expert
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill's instructions and scripts are focused on legitimate development guidance and do not contain malicious patterns or obfuscated code.
- [COMMAND_EXECUTION]: The 'Memory Protocol' section in `SKILL.md` directs the agent to execute `cat .claude/context/memory/learnings.md`. This is a benign operation used to maintain context/memory across sessions in supported agentic environments and does not target sensitive user credentials or system files.
- [PROMPT_INJECTION]: The skill is designed to ingest and review untrusted code, creating a surface for indirect prompt injection.
  - Ingestion points: Code review and refactoring capabilities specified in the identity and capabilities sections of `SKILL.md`.
  - Boundary markers: Absent; the skill does not include specific delimiters or instructions to ignore embedded directives in the code being reviewed.
  - Capability inventory: The skill utilizes `Bash`, `Write`, `Edit`, `Grep`, `Glob`, and `Read` tools as defined in the YAML frontmatter.
  - Sanitization: No explicit sanitization or validation of the ingested code content is performed within the skill's logic.