replit-prompt

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
NO_CODE
Full Analysis
  • [NO_CODE] (SAFE): Analysis of the skill files confirms that no executable scripts or binaries are present; the skill consists entirely of Markdown documentation and templates.
  • [DATA_EXPOSURE] (SAFE): The skill identifies the need for sensitive data like API keys but correctly instructs users to use 'Replit Secrets' (environment variables) for storage, minimizing the risk of credential leakage.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill acts as a text processor for user requirements, creating a surface for indirect injection. Evidence:
    (1) Ingestion points: User input requirements in SKILL.md.
    (2) Boundary markers: Markdown headers are used as delimiters in generated prompts.
    (3) Capability inventory: No capabilities or script execution tools are included in the skill.
    (4) Sanitization: No sanitization or escaping of user input is performed.
    The risk is assessed as LOW due to the absence of execution triggers.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:17 PM