fullstack-basics
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill includes a Python script (
scripts/validate.py) that uses the standardyaml.safe_load()function to parse local configuration files. It does not perform any network operations or download external scripts. - Indirect Prompt Injection (INFO): The skill processes user-provided project descriptions to generate architectural recommendations. While this is an ingestion surface, the skill lacks write or execute capabilities that would allow for exploitation via injected instructions.
- Dynamic Execution (SAFE): No use of
eval(),exec(), or other dynamic code execution patterns was found in the provided scripts. - Data Exposure & Exfiltration (SAFE): The skill does not access sensitive system paths or hardcode credentials, and it contains no network communication code.
Audit Metadata