t3code-advisor
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill's primary function is to facilitate communication between AI agent threads via the
t3code-threadtool.\n- [SAFE]: The skill mentions checking for "T3 Code server RPC credentials" (server URL, project id, or authorization). This is consistent with the skill's purpose of interacting with the T3 Code server and follows standard practices for accessing project-specific resources. No hardcoded secrets were found.\n- [PROMPT_INJECTION]: The skill includes instructions to the agent to include a safety directive in the advisor's prompt: "This is analysis only. Do NOT edit, create, or delete any files. Do NOT write code." This is a defensive measure to maintain the advisor's scope.\n- [PROMPT_INJECTION]: The skill exhibits a potential surface for indirect prompt injection as it processes responses from external advisor threads.\n - Ingestion points: advisor thread responses read through RPC (SKILL.md).\n
- Boundary markers: The agent is instructed to "verify assumptions against the codebase" and "synthesize" rather than blindly deferring to the advisor.\n
- Capability inventory: The skill uses the
t3code-threadtool to create new threads and reads responses via RPC.\n - Sanitization: The skill requires the agent to verify advisor assumptions against the codebase and synthesize the information for the user, providing a manual check on the ingested data.
Audit Metadata