architecture-governance
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Documentation in references/project-initial-analysis.md includes example shell commands for building and testing projects (e.g., mvn clean compile, npm test, pytest). These are presented as non-mandatory templates for project initialization analysis and do not involve automated or hidden execution.
- [EXTERNAL_DOWNLOADS]: Reference files include examples of package installation commands (npm install, pip install -r requirements.txt). These are standard development operations documented as part of project onboarding guidelines and are not used for downloading untrusted or remote scripts.
- [PROMPT_INJECTION]: The skill's primary function involves analyzing project code and structure (e.g., in SKILL.md and references/project-initial-analysis.md). While this creates a surface for indirect prompt injection via untrusted code analysis, it is inherent to the tool's purpose and does not include automated execution of such content.
Audit Metadata