nativescript
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The SKILL.md file contains a 'Memory Protocol' section that explicitly instructs the agent to execute a shell command (
cat .claude/context/memory/learnings.md) before starting a task to retrieve previous state. This represents a capability for local command execution within the skill's standard workflow. - [PROMPT_INJECTION]: The skill is designed to ingest and review user-provided source code files, which creates a surface for indirect prompt injection attacks.
- Ingestion points: The skill operates on files specified in the input schema or provided during code reviews (SKILL.md, schemas/input.schema.json).
- Boundary markers: There are no explicit instructions or delimiters defined to separate user-provided code from instructions or to prevent the agent from following prompts embedded in that code.
- Capability inventory: The skill utilizes powerful file system tools (
Read,Write,Edit) to analyze and modify the project environment. - Sanitization: No sanitization, validation, or filtering of user-provided content is mentioned in the logic or scripts.
Audit Metadata