Skills
skills/borjasolerme/agent-skills/coding-workflow/Gen Agent Trust Hub

coding-workflow

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to the way user input is handled.
  • Ingestion points: User-provided content is interpolated via the $ARGUMENTS variable at the end of SKILL.md.
  • Boundary markers: Absent; there are no delimiters separating the skill's instructions from the user's input.
  • Capability inventory: The agent using this skill is directed to use powerful tools such as agent-browser for web automation and pgTAP for database interactions.
  • Sanitization: Absent; the skill does not contain instructions to escape or validate the input in $ARGUMENTS.
  • [EXTERNAL_DOWNLOADS]: The skill suggests the installation of several external helper skills from GitHub repositories.
  • Details: It provides npx skills add commands for repositories belonging to trusted organizations such as Vercel Labs and Anthropic, as well as well-known community developers.
  • [NO_CODE]: This skill consists entirely of markdown documentation and does not contain any executable scripts or configuration files that run code directly.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 15, 2026, 09:59 AM