wednesday-dev
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a documentation and enforcement tool for coding standards. It includes guidelines for React, Next.js, and TypeScript development.
- [COMMAND_EXECUTION]: The skill defines allowed tools for linting, formatting, testing, and building (e.g.,
npm run test,npm run build). These are standard development operations and within the expected scope of a technical development skill. - [DATA_EXPOSURE]: The skill explicitly recommends best practices such as using environment variables for secrets and avoiding the exposure of sensitive data in client-side code.
- [PROMPT_INJECTION]: No malicious injection patterns or attempts to override system safety guidelines were found. The trigger instructions are clear and purpose-oriented.
- [INDIRECT_PROMPT_INJECTION]: The skill mentions a 'brownfield intelligence pipeline' that parses code comments for developer intent and tech debt. While this involves processing untrusted data (user-written comments), it is a standard documentation feature for the described ecosystem and does not pose a direct threat in this context.
Audit Metadata