capability-authoring
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a development framework for creating secure capabilities, mandating domain boundaries and input validation.
- [SAFE]: Indirect prompt injection surfaces are addressed through mandatory controls:
  - Ingestion points: User-provided identifiers and names in exported actions (SKILL.md, references/capability-template.md).
  - Boundary markers: Mandatory domain-gating checklists and explicit assertInDomain scope checks.
  - Capability inventory: Gated resource access using @tokenspace/sdk action and approval functions.
  - Sanitization: Enforcement of Zod schema validation and input normalization rules.
- [EXTERNAL_DOWNLOADS]: The skill uses @tokenspace/sdk and zod, which are a vendor-specific library and a standard library, respectively.