trellis-before-dev

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Findings tagged: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script ./.trellis/scripts/get_context.py to identify package structures. This involves running code from the project directory.
  • [PROMPT_INJECTION]: The skill ingests data from local files in the .trellis/spec/ directory to guide agent behavior, which creates a surface for indirect prompt injection.
  • Ingestion points: SKILL.md (Steps 3, 4, 5) uses cat to read multiple index and guideline files into the agent's context.
  • Boundary markers: Absent. The content of the local files is read directly into the context without explicit delimiters or instructions to ignore embedded commands.
  • Capability inventory: The agent has the ability to execute local Python scripts and read or list files within the repository.
  • Sanitization: Absent. The skill does not describe any validation or sanitization of the file content before it is processed.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 08:18 AM
Security Audit — agent-trust-hub — trellis-before-dev