tldr-expert
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes standard command-line tools (repomix, gitingest) and MCP tools (llm-tldr) for their intended purposes. The examples provided are well-structured and do not involve shell piping to untrusted sources or high-privilege operations.
- [DATA_EXPOSURE] (SAFE): The skill explicitly addresses data security by recommending the use of secretlint and configured ignore-lists to ensure that API keys, PII, and sensitive metadata are excluded from context bundles.
- [INDIRECT_PROMPT_INJECTION] (LOW): As the skill involves ingesting and summarizing external codebases, there is an inherent surface for indirect prompt injection. However, the skill implements defensive patterns such as XML boundary markers and signature-only extraction to reduce the likelihood of executing instructions hidden in data.
- [PROMPT_INJECTION] (SAFE): No patterns of system prompt extraction, safety filter bypass, or 'DAN-style' role-play were detected in the instructions.
Audit Metadata