cloudwerk-monorepo
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No security issues were detected. The skill provides a legitimate documentation-based workflow for managing a framework's monorepo.
- Prompt Injection (SAFE): The markdown instructions do not contain any patterns aimed at overriding the agent's system prompt or bypassing safety protocols.
- Command Execution (SAFE): The included `changeset.sh` script is a simple file-creation utility. It reads user input (package name, bump type, description) and writes it to a markdown file using a heredoc. The script does not evaluate or execute the content of the user input, preventing command injection.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not perform any remote downloads or execute scripts from external sources. All suggested commands use local standard development tools like `pnpm` and `vitest`.
- Indirect Prompt Injection (SAFE): While the skill takes user input to create a file, it does not possess any capabilities that would allow this input to be executed or interpreted maliciously within the context of the skill's operations.
Audit Metadata