project-workflows

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a robust methodology for project-level tasks (e.g., prototyping, maintenance, code review) without using malicious patterns or deceptive instructions.
  • [COMMAND_EXECUTION]: The 'CLI-first' methodology recommends standard open-source developer tools such as rg, fd, sd, jq, and gh. These tools are listed as preferred instruments for the agent to gather evidence and automate tasks within the project scope, which aligns with the skill's stated purpose.
  • [DATA_EXFILTRATION]: While the skill suggests using network-capable tools like gh and http, there are no patterns suggesting unauthorized data exfiltration or harvesting of sensitive files (e.g., .ssh or .env). The usage described is consistent with standard software development practices (fetching repo data or testing APIs).
  • [PROMPT_INJECTION]: The skill includes an 'Indirect Prompt Injection' surface as it ingests untrusted data from existing codebases and external documentation. However, it mitigates risk by defining a strict 'Brief Contract' and 'Unified Packet' structure to maintain task boundaries when delegating work to sub-agents.
  • [REMOTE_CODE_EXECUTION]: No patterns of remote code execution or unverified dependency installation were found. The skill relies on tools assumed to be pre-installed or standard within the developer environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 6, 2026, 11:22 AM