agent-conventions
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were identified. The skill focuses on defining system prompt styles, naming conventions (kebab-case), and documentation standards for AI agents.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill includes a Python script `scripts/validate-agent-index.py` that reads the names of markdown files in a specified directory to compare them against a list in `README.md`. This script operates entirely locally and does not perform any network calls or access sensitive system configuration files.
- [COMMAND_EXECUTION]: The skill instructions and evaluation files refer to a `wagents validate` command. Given the author context (wyattowalsh), this appears to be a vendor-provided CLI tool for linting agent definitions and is considered a legitimate utility for the skill's purpose.
- [INDIRECT_PROMPT_INJECTION]: While the skill processes agent files which could theoretically contain instructions, the validation logic is restricted to regex-based parsing for naming and table entry existence. It does not interpolate the content into prompts for further instruction-following in a way that introduces execution risk.
Audit Metadata