contribute-catalog

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the user or agent to execute several command-line tools including framevideo, git, gh, npx oxfmt, and npx tsx to manage the contribution lifecycle.
  • [EXTERNAL_DOWNLOADS]: The workflow involves npx, which may download packages from the npm registry. Additionally, the provided HTML templates reference external assets from well-known services such as Cloudflare (via cdn.jsdelivr.net) and Google Fonts for standard library and typography support.
  • [DATA_EXFILTRATION]: The skill references an internal AWS account ID (767398024897) for a specific documentation upload script intended for internal contributors. This is used for routing internal assets and does not expose sensitive credentials.
  • [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by ingesting user-provided descriptions and visual references to scaffold templates. These inputs are used to generate code snippets, which is the primary intended purpose of the contribution guide.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 12:12 PM
Security Audit — agent-trust-hub — contribute-catalog