software-engineer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Prompt Injection (SAFE): Instructions focus on development best practices without attempting to override system safety protocols.
  • Data Exposure & Exfiltration (SAFE): No exposure of sensitive files (e.g., .ssh, .env) or unauthorized exfiltration of data was found.
  • Unverifiable Dependencies & RCE (SAFE): No remote scripts or untrusted package installations are requested. CI checks use existing local tools.
  • Indirect Prompt Injection (LOW): The skill analyzes untrusted project data. Evidence Chain:
    1. Ingestion points: File reads of specs/ and source code in the repository.
    2. Boundary markers: None explicitly defined to wrap external content.
    3. Capability inventory: CI command execution (tests/lint), git status/diff analysis, and web search for documentation.
    4. Sanitization: No explicit sanitization mentioned.
    Risk is considered low as the skill's primary focus is code generation and refactoring with a user-in-the-loop commit process.
  • Command Execution (SAFE): Destructive or state-changing git commands (add, commit, push) are restricted and require explicit user approval.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 04:57 PM