funstack-static-knowledge
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill directs the agent to read documentation from a local path within
node_modules. While this is an ingestion point for external data, the skill itself defines no dangerous capabilities (like shell execution or network exfiltration) that could be exploited by malicious content in those docs. - Ingestion points:
node_modules/@funstack/static/dist/docs/index.md - Boundary markers: Absent
- Capability inventory: None (Knowledge-only skill)
- Sanitization: Absent
- External Downloads (SAFE): References standard Node.js packages (
@funstack/static,vite) used in the project configuration but does not perform any runtime installations or downloads.
Audit Metadata