rule-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill operates on local workspace files specifically within the .agent/rules/ directory. There are no network requests, credential access patterns, or exfiltration vectors identified.
- [Indirect Prompt Injection] (SAFE): The skill supports @mentions to reference other files for context. While this is an ingestion surface for external data, it is used here as an intended documentation feature and does not involve unsafe interpolation or execution of that data.
- [No Code] (SAFE): The skill contains only Markdown files and frontmatter. No Python scripts, Node.js packages, or shell commands are included, which minimizes the technical risk profile.
- [Security Best Practices] (SAFE): The skill proactively includes templates for security rules, such as preventing SQL injection and hardcoded secrets, which encourages secure user configurations.
Audit Metadata