shemic-dever
Pass
Audited by Gen Agent Trust Hub on Jun 8, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified in the skill files. All instructions align with the intended purpose of assisting in Go application development within the Dever framework.
- [EXTERNAL_DOWNLOADS]: The skill downloads and executes code from the official shemic/dever repository on GitHub. These operations are part of the intended development workflow for bootstrapping and managing projects. The target URLs represent trusted vendor resources associated with the author.
- [COMMAND_EXECUTION]: The skill uses shell scripts (boot.sh, module.sh, audit.sh) and the dever CLI for project management tasks such as initialization, code generation, and static auditing. These scripts perform standard file system and development operations without escalating privileges or establishing persistence.
- [PROMPT_INJECTION]: The instructions in SKILL.md are designed to guide the agent through specific framework rules and decision-making processes. They do not contain any patterns intended to bypass safety guardrails, extract system prompts, or override agent constraints for malicious purposes.
Audit Metadata