extension-authoring
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a pure documentation resource focused on extension development and does not contain any executable code.
- [SAFE]: The documentation includes dedicated security sections such as a "Security Checklist" and "Tool Security" guidelines, promoting best practices like the principle of least privilege.
- [SAFE]: Command examples (e.g., git status, npm test, osascript) are purely illustrative and use placeholders or safety spacing (e.g., "! git") to prevent accidental execution during the skill's loading process.
- [SAFE]: The skill provides explicit guidance on mitigating indirect prompt injection and ensuring path safety when authoring automation hooks and subagents.
- [SAFE]: No obfuscation, data exfiltration, persistence mechanisms, or unauthorized remote code execution patterns were found.
Audit Metadata