ai-code-security
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODE
Full Analysis
- NO_CODE (SAFE): The skill consists entirely of YAML frontmatter and markdown instructions. No executable code, scripts, or binary files were detected.
- INDIRECT PROMPT INJECTION (LOW): The skill instructs the agent to use external files (
references/patterns.md,references/sharp_edges.md,references/validations.md) as a 'source of truth'. While this creates an ingestion surface for potentially untrusted data, the skill's lack of outbound capabilities (network, file-write, or shell execution) restricts the impact to the agent's internal reasoning and display output.
Audit Metadata