ai-dev-tools-sync
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: No security issues detected. The skill primarily serves as a guideline for managing development environment settings.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted configuration data from the project repository. Ingestion points: Step 1 reads files such as CLAUDE.md, .github/copilot-instructions.md, and .github/AGENTS.md. Boundary markers: No delimiters or 'ignore instructions' warnings are used when reading these files. Capability inventory: The skill instructions involve reading files, performing web searches, and implementing changes (writing files). Sanitization: There is no evidence of sanitization or validation of the content read from these files.
Audit Metadata