context-driven-development
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides a methodology and directory structure for managing project documentation (Context-Driven Development). No malicious patterns, obfuscation, or safety bypasses were detected in the instructions.
- [COMMAND_EXECUTION]: The skill includes a local Node.js script (
scripts/main.cjs) and execution hooks (hooks/pre-execute.cjs,hooks/post-execute.cjs). These scripts are boilerplate utilities for argument parsing and metric logging; they do not perform network operations, access sensitive credentials, or execute arbitrary shell commands. - [INDIRECT_PROMPT_INJECTION]: The skill's primary function is to have the agent read and adhere to project-specific documentation stored in the
.claude/context/directory. - Ingestion points: Local markdown files including
product.md,tech-stack.md,workflow.md, and files within thememory/subdirectory. - Boundary markers: None; the methodology instructs the agent to treat these artifacts as the "single source of truth" for its behavior.
- Capability inventory: The skill uses the
Read,Write,Edit,Glob, andGreptools to interact with the project context. - Sanitization: There is no automated validation or escaping of the natural language content stored in these files.
Audit Metadata