project-structure
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill consists entirely of instructional Markdown files. There are no executable scripts (Python, Node.js, Shell), binaries, or configuration files that could facilitate malicious actions.
- [NO_CODE]: The logic of the skill is contained within prompts that guide the AI agent on how to evaluate project structures. It does not ship with any accompanying code or software modules.
- [PROMPT_INJECTION]: Analysis of the provided instructions reveals no attempts to bypass safety filters, extract system prompts, or override agent constraints. The prompts are focused strictly on the domain of project organization.
- [DATA_EXFILTRATION]: No network operations, API calls, or sensitive file access patterns were detected. The skill does not communicate with external servers.
- [INDIRECT_PROMPT_INJECTION]: The skill includes a workflow that prompts the agent to analyze external data such as project commits, documentation, and source code. This represents a minor vulnerability surface.
- Ingestion points: Source code, commit history, and documentation from the user's project.
- Boundary markers: None present; the instructions do not define specific delimiters for untrusted content.
- Capability inventory: The skill does not define any active tools or functions (e.g., file-writing, subprocess execution, or network calls).
- Sanitization: No explicit sanitization or validation of the ingested code/comments is performed.
- Risk Assessment: While the agent processes untrusted data, the skill itself provides no high-privilege capabilities for an attacker to exploit, rendering the practical risk negligible.
Audit Metadata