dev-new-tool
Pass
Audited by Gen Agent Trust Hub on May 30, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE]: The skill consists of instructional text and metadata without any executable scripts or binary files.
- [SAFE]: The workflow emphasizes user control and approval at every phase, including research, design, and planning, before any code is generated or executed.
- [INDIRECT_PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection as it requires the agent to research and summarize information from external websites and API documentation.
- Ingestion points: Web search results for existing tools, alternative analysis, and API specifications (SKILL.md).
- Boundary markers: No specific instructions are provided to the agent for isolating or sanitizing untrusted external data.
- Capability inventory: The agent can perform file system writes and execute project initialization commands such as npm init or go mod init (SKILL.md).
- Sanitization: There are no documented procedures for validating or filtering external content before it is processed.
Audit Metadata