Skills
skills/terminalskills/skills/hatchet/Gen Agent Trust Hub

hatchet

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill consists of instructional content for the Hatchet workflow engine. All referenced resources, such as the @hatchet-dev/typescript-sdk npm package, are official and well-known developer tools.
  • [EXTERNAL_DOWNLOADS]: Fetches the TypeScript SDK from the official npm registry and provides instructions for self-hosting Hatchet via its official GitHub-hosted Docker configuration.
  • [COMMAND_EXECUTION]: Includes standard shell commands for installing dependencies and managing Docker containers, which are necessary for the skill's stated purpose.
  • [PROMPT_INJECTION]: The skill facilitates processing external data via workflow steps. This creates a surface for indirect prompt injection if user-provided inputs are not properly sanitized.
  • Ingestion points: ctx.input() and ctx.stepOutput() in SKILL.md
  • Boundary markers: Absent
  • Capability inventory: Network requests (fetch), email dispatch (sendEmail), and database operations (createWorkspace) in SKILL.md
  • Sanitization: Absent in the provided code examples
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 01:11 PM