bkit-templates
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists of static markdown templates and instructions for variable substitution (e.g., feature name, project name). It does not include executable code, external scripts, or network requests.
- [DATA_EXPOSURE]: No hardcoded credentials, API keys, or access to sensitive local file paths (such as SSH or AWS configurations) were detected.
- [REMOTE_CODE_EXECUTION]: No patterns for downloading or executing remote code (e.g., curl|bash) were found. The skill does not define any external dependencies in standard package manager formats.
- [PROMPT_INJECTION]: The instructions in SKILL.md provide clear operational boundaries for document generation without attempting to bypass safety filters or override system-level agent instructions.
- [INDIRECT_PROMPT_INJECTION]: While the skill processes user-provided strings (like feature names) to populate templates, the output is limited to markdown documentation files. There is no evidence that this input is used in dangerous sinks like shell execution or dynamic code evaluation. Ingestion points include the
{feature}and{project}variables which are written to files in thedocs/directory.
Audit Metadata