NYC

software-architecture

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The 'Library-First Approach' section directs the agent to 'ALWAYS search for existing solutions before writing custom code' and, specifically, to 'Check npm for existing libraries.' This directive encourages the agent to pull in third-party code by default, which is a security risk if the agent selects a malicious or typosquatted package from a public registry.
  • [COMMAND_EXECUTION] (SAFE): No direct system commands, shell scripts, or subprocess executions are present in the skill file.
  • [PROMPT_INJECTION] (SAFE): The content consists of development guidelines and does not contain markers for overriding system instructions or bypassing safety filters.
  • [DATA_EXFILTRATION] (SAFE): There are no patterns indicating network requests or attempts to read sensitive system files.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 08:10 AM