best-practices
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill includes explicit instructions to ignore instructions or commands found within web-fetched content, effectively mitigating indirect prompt injection risks.
- [DATA_EXFILTRATION]: Input validation for the search scope prevents directory traversal and unauthorized file access by enforcing repo-relative paths and rejecting absolute or relative parent paths.
- [EXTERNAL_DOWNLOADS]: The skill utilizes web research tools responsibly, mandating independent cross-verification of claims and prohibiting the execution of any code found in external documentation.