harden-repo-for-coding-agents
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Categories flagged: PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The references/playbooks/instruction-surface.md file contains instructions for the agent to detect prompt injection patterns. It includes example strings such as <!-- ignore previous instructions --> for auditing purposes, which may be flagged by safety filters but are used here in an educational/instructional context.
- [COMMAND_EXECUTION]: The templates/artifacts/gates/pretooluse-hook-test.py template uses subprocess.run to execute and verify the functionality of scaffolded security hooks. This is a standard testing pattern for verifying tool behavior.
- [REMOTE_CODE_EXECUTION]: The templates/artifacts/gates/pretooluse-hook-test.py template utilizes importlib.util to dynamically load and execute hook modules for unit testing. This is used to verify the integrity of security artifacts before they are deployed.
- [COMMAND_EXECUTION]: The templates/artifacts/gates/pretooluse-hook.py template contains defensive logic designed to intercept and block destructive commands. This includes pattern matching for high-risk operations like rm -rf / and unauthorized force-pushes to protected git branches such as main or master.
Audit Metadata