validate-chalk
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious code or suspicious patterns were identified. The skill uses standard tools like Read, Glob, Grep, and Bash to perform local audits and optional fixes for configuration files.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its core functionality of reading untrusted project data.
  1. Ingestion points: .chalk/chalk.json and Markdown documentation files in .chalk/docs/.
  2. Boundary markers: The skill does not implement specific markers or instructions to ignore potential commands within audited files.
  3. Capability inventory: The skill uses Bash, Read, Glob, and Grep, including file modification tools for its auto-fix feature.
  4. Sanitization: The skill does not explicitly sanitize the contents of the files before processing them.