setup-coding-quality-checks

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by instructing the agent to ingest and act upon data from untrusted repository files during the discovery phase.
  • Ingestion points: The agent is instructed to read repository instructions (e.g., .cursor/rules, AGENTS.md), Sandcastle documents, Beads issues, and local session transcripts (e.g., from .opencode/, .aider*, .continue/) to determine the project stack and requirements.
  • Boundary markers: Absent. The instructions do not specify any delimiters or warnings to ignore malicious commands embedded within the discovered files, increasing the risk that instructions inside these files could manipulate the agent's behavior.
  • Capability inventory: The skill allows the agent to modify repository configuration files, update package manifests (which leads to dependency installation), add new shell scripts, and configure git hooks.
  • Sanitization: Absent. There is no evidence of filtering or validating the content extracted from external files before it is used to influence the setup process or repository edits.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 10:47 AM
Security Audit — agent-trust-hub — setup-coding-quality-checks