release-checklist
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (LOW): Potential for indirect prompt injection from untrusted codebase content. 1. Ingestion points: files in src/ directory read by grep in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Bash, Grep, Read, Glob tools specified in SKILL.md. 4. Sanitization: Absent.
- COMMAND_EXECUTION (SAFE): Bash usage is confined to static analysis (grep) and execution of standard project test suites (npm, pytest, etc.), which is consistent with the skill's primary purpose.
- EXTERNAL_DOWNLOADS (SAFE): Dependency auditing tools connect to official, trusted package registries like npmjs.com and pypi.org.
Audit Metadata