lifecycle-adoption
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: A detailed analysis of the skill's core files and reference sheets confirms that the content is legitimate and focuses exclusively on software process improvement. No indicators of prompt injection, data exfiltration, or persistence mechanisms were found across the instructions or metadata.
- [EXTERNAL_DOWNLOADS]: The skill suggests the installation of well-known development tools and libraries from official registries, including `pytest`, `jest`, `flake8`, `pandas`, and `numpy`. These dependencies are appropriate for the skill's stated purpose of quality assurance and process measurement.
- [COMMAND_EXECUTION]: The skill provides templates for executing legitimate auditing commands, such as using the GitHub CLI (`gh api`) to verify branch protection settings and `git` for commit history analysis. These scripts correctly utilize environment secrets for sensitive data like Slack webhooks.
- [PROMPT_INJECTION]: Assessment of indirect prompt injection surface: Ingestion points are located in `managing-transition.md` (codebase scanning) and `retrofitting-measurement.md` (GitHub API data reading). While the example scripts do not include explicit boundary markers or sanitization logic, the risk is negligible as they are intended as user-managed templates rather than autonomous agent behaviors.
Audit Metadata