craft-prompt
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were detected. The skill is purely instructional and template-based.
- [COMMAND_EXECUTION]: The skill mentions running standard development tools like
git status,git diff, andgit logto gather context for session handoff prompts. These are legitimate operations for a developer-oriented prompt-crafting skill and do not involve shell injection or privilege escalation. - [DATA_EXPOSURE]: The skill uses worktree-relative paths (e.g.,
src/auth.ts) as a best practice for prompt context, avoiding the exposure of absolute local system paths. - [REMOTE_CODE_EXECUTION]: There are no scripts, external downloads, or remote code execution patterns present in the skill files.
- [OBFUSCATION]: A thorough scan for Base64, zero-width characters, homoglyphs, and encoded URLs returned no results.
Audit Metadata