agently-task-dev
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill documentation includes specific 'Safety Hard Rules' that instruct the agent to treat any content retrieved from external tools (Search/Browse) as untrusted data rather than instructions. This design pattern is specifically aimed at preventing indirect prompt injection attacks.
- [COMMAND_EXECUTION]: The skill includes a local utility script
scripts/scaffold_task_with_tests.pythat creates a directory structure and writes Python boilerplate code for task development. This functionality is consistent with its stated purpose as a developer tool and does not involve unauthorized command execution. - [DATA_EXFILTRATION]: There is no evidence of hardcoded credentials or unauthorized data transmission. The 'OpenAICompatible Settings Cookbook' and other references emphasize best practices such as loading API keys from environment variables and stripping sensitive data from logs.
- [EXTERNAL_DOWNLOADS]: The skill references standard installation procedures using well-known package managers (pip, npm) and provides a 'MCP Safety Checklist' to ensure that external Model Context Protocol servers are audited and restricted to an allowlist before being used.
Audit Metadata