makepad-platform
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill defines specific behavioral instructions that require the agent to read local reference files (
./references/platform-support.md) and suggest synchronization commands (/sync-crate-skills) if files are missing. This configuration creates an indirect prompt injection surface. - Ingestion points: Local documentation files mentioned in SKILL.md.
- Boundary markers: The skill does not provide specific delimiters or instructions to ignore embedded commands within the ingested content.
- Capability inventory: The skill is limited to providing development guidance and code snippets; it does not possess dangerous capabilities like subprocess execution or file-system writing.
- Sanitization: No sanitization or validation of the reference file content is mentioned.
- [EXTERNAL_DOWNLOADS]: The skill provides a link to the official Makepad widgets package on crates.io, which is a well-known and trusted package registry for the Rust ecosystem.
- [SAFE]: The provided Rust code examples for platform detection and conditional compilation are standard development patterns and do not involve dynamic execution or unsafe data handling.
Audit Metadata