engineering
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The SKILL.md file contains instructions demanding 'auto-activation' and stating 'NO user confirmation needed' for its activation, which is a pattern designed to bypass standard interaction protocols and increase agent autonomy without user oversight.
- [PROMPT_INJECTION]: The skill uses alarming and deceptive formatting in its description, such as '🚨 TIER 1 SKILL
- AUTO-ACTIVATION REQUIRED 🚨', to mimic system-level priority and potentially influence the agent's internal activation logic.
- [SAFE]: The reference documentation in 'reference/coding-standards.md' provides high-quality and correct security best practices, including explicit guidance on SQL injection prevention, secrets management, and input validation.
Audit Metadata