warden-dev
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves its stated purpose of providing instructions and command references for the Warden CLI tool. All external resources, including documentation links and GitHub repositories, belong to the official vendor (wardenenv) or are well-known developer services.
- [COMMAND_EXECUTION]: The skill provides the agent with commands to interact with the local
wardenCLI. These commands (e.g.,warden env up,warden shell,warden db import) are standard for local development environment management and are executed with the user's implicit intent when managing their own projects. - [INDIRECT_PROMPT_INJECTION]: The skill contains logic to read local project
.envfiles to generate configuration tables. This is an intended feature but represents an ingestion point for untrusted data. - Ingestion points: Project-level
.envfiles and global configuration in~/.warden/.env(referenced inSKILL.mdandreferences/global-services.md). - Boundary markers: Absent; the skill relies on the agent's ability to map known variables (
PHP_VERSION,WARDEN_DB, etc.) rather than executing arbitrary content from the file. - Capability inventory: The skill leverages the
wardenCLI for container orchestration, shell access, and database management. Cross-script capabilities include file reads and shell command execution. - Sanitization: None; the agent is expected to parse the file content as key-value pairs.
Audit Metadata