anvil
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security threats were identified in the skill content or referenced materials.
- [PROMPT_INJECTION]: The static analysis hint regarding concealment in 'references/cli-design-anti-patterns.md' is a false positive. The document describes 'Silent Failure' and 'Silent Mutation' as anti-patterns to avoid, encouraging developers to be transparent and provide feedback to the user. This is a best practice for CLI design.
- [DATA_EXPOSURE]: The skill mentions standard configuration paths such as XDG base directories and shell profiles (.bashrc, .zshrc) for the purpose of implementing app configuration and shell completion. These references are standard for developer tooling and do not involve sensitive data harvesting.
- [EXTERNAL_DOWNLOADS]: The skill references standard, reputable open-source libraries and tools (e.g., Biome, Ruff, Ratatui, BubbleTea, Cobra). These references are informative and point to well-known industry-standard dependencies.
Audit Metadata