development-lifecycle

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill mentions the installation of the @openai/codex package from the NPM registry and the addition of plugins from a marketplace. These references target OpenAI, which is a well-known service provider.
  • [COMMAND_EXECUTION]: The instructions direct the agent to utilize various command-line interfaces for development tasks, including gh (GitHub CLI) for pull request management, npm for dependency and test management, and browser automation tools like agent-browser and Playwright for visual verification.
  • [INDIRECT_PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection as it processes untrusted data from external sources.
    • Ingestion points: Reads GitHub issue comments, pull request bodies/comments, and external feedback from the Codex tool.
    • Boundary markers: None identified in the instructions to delimit external content from system instructions.
    • Capability inventory: Subprocess execution (tests, CLI tools), browser automation (agent-browser), file system writes (.claude/rules/), and network operations via gh and npm.
    • Sanitization: No specific sanitization or validation steps for external input are mentioned.
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 09:06 AM
Security Audit — agent-trust-hub — development-lifecycle