putio-sdk-dev
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local shell commands, such as `rg` (ripgrep), `vp`, `gradlew`, and `make`, to facilitate codebase inspection, verification, and testing within the user's workspace. These commands are consistent with the skill's primary purpose of SDK development and review.
- [PROMPT_INJECTION]: The skill processes and reviews code from multiple local repositories, creating an attack surface for indirect prompt injection (Category 8) from untrusted content in source files or documentation.
  - Ingestion points: Local source code, tests, and documentation from the current repository and sibling directories like `../putio-backend`.
  - Boundary markers: No specific delimiters or markers are defined for isolating external content.
  - Capability inventory: The skill allows for the execution of build scripts and search tools.
  - Sanitization: There is no explicit requirement for sanitizing or validating the content of the files being reviewed before they are processed by the agent.
Audit Metadata