Coding
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill reads coding preferences from a local file (
~/coding/memory.md), which could theoretically be manipulated to influence the agent's behavior. - Ingestion points: The file
~/coding/memory.mdis loaded into the agent's context at the start of each session. - Boundary markers: None; the skill instructs the agent to apply stored preferences directly.
- Capability inventory: The skill is limited to file system creation (
mkdir) and writing to its own memory files, plus influencing the agent's output style. - Sanitization: None; the primary safeguard is the requirement for explicit user confirmation before any preference is written to the memory file.
- [COMMAND_EXECUTION] (LOW): The skill documentation includes the command
mkdir -p ~/codingto initialize its storage. This is a standard, non-malicious operation for persistent local storage.
Audit Metadata