Coding
Pass
Audited by Gen Agent Trust Hub on Jun 3, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill maintains all state locally in the
~/coding/directory and explicitly limits its scope to avoid network requests or unauthorized file access. - [COMMAND_EXECUTION]: Includes a setup instruction in
SKILL.mdto create a storage directory usingmkdir -p ~/coding. This is a benign and necessary operation for the skill's local storage functionality. - [PROMPT_INJECTION]: The skill implements a persistent memory system that ingests user corrections to influence future responses, creating an Indirect Prompt Injection surface.
- Ingestion points: Untrusted data enters the context via user corrections and confirmations as specified in
SKILL.md. - Boundary markers: No specific formatting boundaries are defined for the storage of strings in
memory.mdbeyond the ultra-compact format rules. - Capability inventory: Operational capabilities are restricted to basic file system setup (
mkdir) and file operations within the~/coding/directory. - Sanitization: The skill does not specify sanitization or validation logic for the user-supplied preference strings.
- Context: Because this behavior is the primary intended purpose of the skill and requires explicit human confirmation before storage, the risk is minimal.
Audit Metadata