skill-developer
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODE
Full Analysis
- [NO_CODE] (SAFE): The provided files (
ADVANCED.md,HOOK_MECHANISMS.md,PATTERNS_LIBRARY.md,SKILL_RULES_REFERENCE.md,TRIGGER_TYPES.md) are exclusively Markdown documentation. No executable scripts (.sh, .ts, .js), binaries, or active configuration files are present in the analyzed set. - [PROMPT_INJECTION] (SAFE): Analysis of the documentation for bypass markers, role-play injections, or system prompt extraction yielded no results. The instructions focus on legitimate architectural definitions and pattern matching for feature activation.
- [DATA_EXFILTRATION] (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network communication patterns were identified. The network operations described in the architectural diagrams are limited to internal hook mechanisms.
- [REMOTE_CODE_EXECUTION] (SAFE): Although the documentation references executing local scripts (e.g.,
npx tsx skill-activation-prompt.ts), these scripts are not part of the package. There are no patterns involving the download and execution of remote code from untrusted sources. - [COMMAND_EXECUTION] (SAFE): The files contain examples of terminal commands (e.g.,
jq,cat,npx) used for testing and validation. These are standard developer tools and do not constitute malicious command injection.
Audit Metadata