Skills
skills/edwinhu/workflows/dev-clarify/Gen Agent Trust Hub

dev-clarify

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill follows standard development practices and contains no malicious code or instructions.
  • [COMMAND_EXECUTION]: The frontmatter defines a PreToolUse hook that executes a local Python script (phase-gate-guard.py) using the uv tool. This script is used for project state validation (checking if a specification file exists) rather than arbitrary command execution.
  • [EXTERNAL_DOWNLOADS]: The skill references the uv tool, which is a well-known and established Python package manager. No untrusted external dependencies or remote scripts are downloaded.
  • [DATA_EXPOSURE]: The skill reads from and writes to project-specific files like .planning/SPEC.md and LEARNINGS.md. It does not access sensitive system files (e.g., SSH keys, AWS credentials) or environment secrets.
  • [PROMPT_INJECTION]: While the skill uses strong imperative language to enforce its workflow (e.g., "The Iron Law of Clarification"), it does not contain patterns intended to bypass AI safety guidelines or extract system prompts.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 27, 2026, 08:06 AM