Skills
skills/taylorhuston/local-life-manager/quality/Gen Agent Trust Hub

quality

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill ingests untrusted source code from project directories and passes it to LLM agents for analysis, creating a surface for instructions embedded in code (e.g., comments) to influence agent behavior.
  • Ingestion points: The skill uses Read, Glob, and Grep tools to read files from spaces/[project]/.
  • Boundary markers: Absent. There are no instructions to the agent to ignore or delimit embedded commands within the source files.
  • Capability inventory: The skill has access to the Bash and Task tools, allowing it to execute shell commands and coordinate other agents.
  • Sanitization: Absent. The skill does not perform any escaping or validation of the code content before processing.
  • Command Execution (SAFE): The skill uses the Bash tool to execute npm test, npm run lint, and npm run type-check. While these execute code, they are standard operations for a code quality tool and align with the primary purpose of the skill.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:29 PM