verification-before-completion
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFENO_CODE
Full Analysis
- Prompt Injection (SAFE): The skill consists of legitimate instructional content for quality control. No attempts to bypass safety filters or override system instructions were detected.
- Remote Code Execution (SAFE): The commands referenced (e.g., 'yarn test', 'npm run build') are standard for local development environments and are not associated with remote code execution or untrusted script downloads.
- Data Exfiltration (SAFE): No patterns of unauthorized network communication or access to sensitive files (e.g., credentials, SSH keys) were found.
- Indirect Prompt Injection (SAFE): While the skill involves reading tool outputs (Ingestion points: command results; Capability inventory: subprocess calls for git/npm; Boundary markers/Sanitization: absent), this is an intended functional surface for verification tasks and does not introduce a malicious attack vector.
Audit Metadata