trae-rules-writer
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests and analyzes untrusted data from the local project environment to inform its rule-writing logic.
- Ingestion points: Source code and configuration files are read by the Project Scanner (agents/project-scanner.md) and Convention Detector (agents/convention-detector.md) agents.
- Boundary markers: The skill does not use specific delimiters or instructions to treat sampled code as untrusted data during the analysis phase.
- Capability inventory: The skill possesses file-writing capabilities through the scripts/init_rule.cjs script, which creates .md files in the .trae/rules/ directory.
- Sanitization: Content extracted from the project is not explicitly sanitized before being incorporated into suggested rule designs.
- Mitigation: The workflow includes a mandatory human-in-the-loop checkpoint (AskUserQuestion) where the user must approve the proposed rule content and output path before generation.
- [COMMAND_EXECUTION]: The skill utilizes a local Node.js script to automate the generation of rule files from templates.
- Evidence: SKILL.md specifies the execution of node scripts/init_rule.cjs during the generation phase.
- Risk Assessment: The script uses standard file system operations (fs.mkdirSync, fs.writeFileSync) and operates on project-relative paths defined within the skill's logic.
Audit Metadata