skills/i9wa4/dotfiles/programming/Gen Agent Trust Hub

programming

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides explicit instructions for executing Bash scripts, Python utilities, and Nix tools. It defines rules for subshells, permissions, and environment selection (uv, poetry). While it facilitates arbitrary command execution, these are within the scope of repo-local development tasks.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes the Nix package manager (nix run nixpkgs#...) to download and execute development tools such as shellcheck, rumdl, nurl, and statix. These are sourced from the official Nixpkgs repository, an established and well-known service.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it is designed to read and process repository files which could contain untrusted data.
  • Ingestion points: Reads repository files, Markdown documents, and Nix configurations (SKILL.md).
  • Boundary markers: Not explicitly defined in the instructions, though the workflow emphasizes focused reference selection.
  • Capability inventory: Capable of shell command execution, Python execution, and file system modifications across multiple scripts.
  • Sanitization: None specified for file content processing, relying on the agent's internal safety layers.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 10:06 PM
Security Audit — agent-trust-hub — programming