nullable-new-params

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local commands such as git and turbo to analyze repository history and verify build integrity. These operations are essential to its primary function, and arguments are passed through Bun.spawnSync rather than a shell, which avoids shell command injection.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes and presents output from git diff to the agent. While the risk is minimal for a development utility, the following mandatory evidence chain is documented:
    • Ingestion points: The find-new-optional-params.ts script (executed in Step 1 of SKILL.md) reads and prints lines from the local Git repository.
    • Boundary markers: No explicit delimiters or boundary markers are used to wrap the code snippets before they are presented to the agent.
    • Capability inventory: The skill has access to the local file system (via git), can execute build commands (turbo), and can run TypeScript scripts via bun.
    • Sanitization: Content extracted from the diff is not sanitized or escaped before being displayed; the skill relies on the agent's internal safety filters.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 15, 2026, 06:13 PM
Security Audit — agent-trust-hub — nullable-new-params