best-practices
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill content consists of instructional templates and documentation focused on prompt engineering best practices. No malicious code, obfuscation, or data exfiltration patterns were detected.
- [COMMAND_EXECUTION]: The skill utilizes sub-agents ('codebase-context-builder') that employ tools such as Glob, Grep, and Read. These tools are used legitimately to discover project structures, tech stacks, and existing code patterns to ground the prompt transformation in the actual codebase.
- [PROMPT_INJECTION]: The skill processes user-supplied prompts by interpolating them into sub-agent task calls (e.g., Task task-intent-analyzer). This represents an indirect prompt injection surface (Category 8), but the risk is assessed as safe given the utilitarian nature of the skill and the fact that it is designed to assist the user in drafting better prompts rather than executing untrusted commands autonomously.
Audit Metadata