boss
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands via the Bash tool to automate development tasks, such as dependency management, compilation, and running test suites. These operations are scoped to the project environment and align with the skill's purpose as an automation pipeline.
- [EXTERNAL_DOWNLOADS]: A utility command (`/boss:upgrade`) is included to maintain the skill by updating the `@blade-ai/boss-skill` package from the official NPM registry and re-installing environment hooks. These actions are transparent and standard for complex agentic tools.
- [DATA_EXFILTRATION]: The skill incorporates defensive security measures, specifically a 'Gate 0' quality gate that automatically scans source code for sensitive information like AWS keys, private keys, and API tokens before the development process proceeds.
- [PROMPT_INJECTION]: The system uses professional role-play prompts to specialize sub-agents for tasks like architecture and QA. These prompts are instructional and do not contain attempts to bypass safety filters or exfiltrate core system instructions.