karpathy-agentic-engineering
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a pedagogical and structural guide for managing AI agents during coding tasks. It does not include executable scripts, automation code, or commands that interact with the system without user intervention.
- [EXTERNAL_DOWNLOADS]: The documentation includes links to X.com (Twitter) posts by Andrej Karpathy which serve as the source material for the methodologies described. These are informational and do not trigger any downloads or automated execution.
- [DATA_EXFILTRATION]: No network operations or data exfiltration patterns were detected. The skill focuses on managing local project context within the agent's environment.
- [PROMPT_INJECTION]: The skill uses instructional prompting but does not attempt to bypass safety filters or override system constraints. In fact, it includes specific instructions for agents to ask for permission before adding dependencies or making major changes, which is a security-positive practice.
- [COMMAND_EXECUTION]: While the templates mention placeholders for test and lint commands (e.g.,
[test command]), no actual commands are executed by the skill itself.
Audit Metadata