duru-conductor
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill incorporates a robust 'Quality Gate' phase that specifically instructs the agent to check for hardcoded secrets, API keys, and insecure CORS configurations in software projects before completion.
- [COMMAND_EXECUTION]: The skill instructs the agent to perform standard development operations such as dependency installation (`npm ci`, `pip install`) and syntax validation as part of its quality assurance workflow.
- [PROMPT_INJECTION]: The skill processes project-specific data from files like `LESSONS.md` and source code to influence its orchestration behavior. This ingestion of local file content represents a surface for indirect prompt injection, though it is mitigated by a structured workflow and requirements for user confirmation at each phase.
- [SAFE]: The skill includes a 'Self-Improvement Protocol' that allows it to suggest updates via a `SKILL-PATCH.md` file, but it explicitly forbids autonomous modification of its own instructions and requires human review for all changes.
Audit Metadata