starwards-verification
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Command Execution] (SAFE): The skill utilizes standard Node.js development commands such as
npm test,npm run build, andnpm ci. These operations are well-aligned with the skill's primary purpose of verifying project integrity. - [Indirect Prompt Injection] (SAFE): The skill monitors command outputs to confirm success. 1. Ingestion points: Command output and
test-results/files. 2. Boundary markers: Absent. 3. Capability inventory: Execution of project-defined npm scripts. 4. Sanitization: Absent. This is considered safe as it is essential for the skill's verification logic. - [Prompt Injection] (SAFE): The skill employs strong instructional directives (e.g., 'Iron Law') to ensure the agent performs verification before claiming completion. These instructions serve to define a reliable task persona rather than to bypass safety guardrails.
Audit Metadata