ai-code-generation

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • SAFE (SAFE): The skill is purely informational and instructional. It defines a set of regex-based validation rules for an AI agent to use when reviewing or generating code.
  • INDIRECT_PROMPT_INJECTION (SAFE): While the skill's primary purpose is processing user-provided code (an injection surface), the provided files contain defensive logic (validations.md) specifically designed to mitigate risks like unvalidated tool calls and unsafe execution. No evidence of malicious self-referential instructions or capability exposure was found.
  • DATA_EXFILTRATION (SAFE): No network requests, hardcoded credentials, or sensitive file path accesses are present in the scripts or documentation.
  • REMOTE_CODE_EXECUTION (SAFE): There are no package installations (npm/pip) or remote script downloads. The mention of 'eval' in the validation file is part of a rule to prevent its use, not an implementation of it.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:09 PM