skills/wenjunduan/rlues/riper-pace/Gen Agent Trust Hub

riper-pace

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
Full Analysis
  • [DYNAMIC_CONTEXT_INJECTION]: The skill utilizes shell command substitution (!cat) in SKILL.md to load project metadata and task lists from the .ai_state/ directory into the agent's context during initialization to maintain state across sessions.
  • [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: For complex project paths (Path C+), the skill documentation in context-essentials.md specifies the execution of npx ecc-agentshield scan, which downloads and runs a security scanning package from the public NPM registry.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill accesses and processes various project-specific files (e.g., design.md, tasks.md, project.json) within the .ai_state/ folder to manage the software development lifecycle.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests data from local project files, which constitutes a surface for indirect prompt injection if those files are modified by untrusted sources.
      • Ingestion points: .ai_state/project.json and .ai_state/tasks.md in SKILL.md via !cat commands.
      • Boundary markers: Absent; the content is injected directly into the prompt without delimiters.
      • Capability inventory: File system commands (mkdir, cp), external package execution (npx), and specific review tools (/codex:review).
      • Sanitization: Absent; there is no evidence of input validation or content sanitization for the injected state files.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 10:37 PM