Skills
skills/forge-town/skills/zod-env-integration/Gen Agent Trust Hub

zod-env-integration

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to read and parse .env.example files from a user's local directory to generate TypeScript code. This creates a surface for indirect prompt injection where an attacker could place malicious instructions inside comments or variable values in the .env.example file to influence the agent's code generation logic.
  • Ingestion points: Reads .env.example from the project root directory during the code generation process.
  • Boundary markers: The instructions do not specify any delimiters or safety warnings to distinguish between the input file's data and the agent's instructions.
  • Capability inventory: The skill facilitates the creation of multiple TypeScript files (envSchema.ts, getEnv.ts, index.ts) across different directories.
  • Sanitization: There is no evidence of sanitization or filtering of the input file content before it is processed by the agent to generate code templates.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 28, 2026, 10:47 PM