Reins
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions frequently use shell commands to operate the Reins CLI, specifically
npx,bun, andcdcommands across multiple workflow files. - [EXTERNAL_DOWNLOADS]: The skill relies on fetching and executing code from the npm registry at runtime using
npx reins-cli@latest,npx skills check, andnpx skills update. While these appear to be vendor-associated tools, they constitute runtime downloads of executable code. - [REMOTE_CODE_EXECUTION]: Instructions provide a path to execute local TypeScript code using
bun src/index.ts <command> ../..when working within the repository's own source structure. - [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it is designed to read and analyze contents from arbitrary user repositories (e.g.,
AGENTS.md,ARCHITECTURE.md, and other documentation). - Ingestion points: The
audit,doctor, andevolveworkflows ingest data from a user-provided directory path. - Boundary markers: No explicit boundary markers or instructions to ignore embedded directives within the analyzed files are documented.
- Capability inventory: The skill possesses the ability to execute shell commands (
npx,bun) and write files to the local filesystem (e.g., duringreins initorevolve --apply). - Sanitization: There is no evidence of sanitization or safety filtering of the data read from the target repository before it is processed by the agent.
Audit Metadata