tech-stack-evaluator

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE [PROMPT_INJECTION] [EXTERNAL_DOWNLOADS] [NO_CODE]
Full Analysis
  • [NO_CODE]: The submission consists entirely of markdown documentation. While it references several Python modules for data fetching and analysis, the actual source code is not provided.
  • [EXTERNAL_DOWNLOADS]: The skill's documentation describes fetching configuration and technology metrics from well-known services, including GitHub and npm, for health scoring and viability assessments.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it is designed to ingest and process data from external, third-party sources.
      * Ingestion points: Documentation URLs, GitHub repository contents, and npm package metadata processed during stack evaluation.
      * Boundary markers: The documentation does not specify the use of delimiters or instructions to ignore commands embedded within the fetched external data.
      * Capability inventory: The described functions are limited to analytical report generation; there are no described capabilities for command execution or sensitive file access.
      * Sanitization: No validation or filtering mechanisms are mentioned for content retrieved from external sources.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Feb 23, 2026, 03:11 PM