rules-from-coding-agent-failures
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, hidden commands, or unauthorized data access were identified during the analysis. The skill is designed to manage development-time metadata and improve agent-readiness safely.
- [PROMPT_INJECTION]: The skill processes repository-local Markdown files in `docs/reflection-log/` to identify recurring agent failures. While this involves reading user-generated content, the risk of indirect prompt injection is minimized by the skill's design, which uses these logs as evidence for human-in-the-loop curation of rules rather than direct execution of embedded instructions.
- [COMMAND_EXECUTION]: Analysis workflows use local, non-privileged tools like `grep` to scan for patterns in log files. These operations are restricted to the project scope and do not incorporate external network data or arbitrary shell commands.
Audit Metadata