zig-programming
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The script
scripts/detect_version.pyexecutes a fixedzig versioncommand usingsubprocess.run. This is used to determine the user's environment to provide version-specific documentation and does not include any unsanitized user input. - DATA_EXPOSURE (SAFE): The skill analyzes local project configuration files (
build.zig,build.zig.zon) and source code to identify Zig versions and patterns. No access to sensitive system directories (e.g.,.ssh,.aws) or hardcoded secrets were detected. - INDIRECT_PROMPT_INJECTION (SAFE): While the skill ingests untrusted user code for analysis, it does not provide privileged sinks or unsafe interpolation points that could be exploited by malicious content embedded in source files. The risk of indirect prompt injection is negligible given the skill's capabilities.
- REMOTE_CODE_EXECUTION (SAFE): Analysis of the provided Python scripts and instructions revealed no patterns of remote code execution, piped downloads, or dynamic execution of untrusted external logic.
Audit Metadata