harden-repo-for-coding-agents
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: Deterministic detectors flagged the use of keywords such as 'ignore previous instructions' in the instruction-surface.md playbook. Technical analysis confirms these are used as detection heuristics for the agent to identify potential vulnerabilities in a target repository, rather than as an attempt to bypass the agent's own system instructions.
- [COMMAND_EXECUTION]: The skill contains destructive command patterns (e.g., 'rm -rf /') in pretooluse-hook.py. These are defined as strings within a security deny-list designed to block such commands in a target repository, and are not intended for execution by the skill itself.
- [COMMAND_EXECUTION]: The pretooluse-hook-test.py script uses subprocess.run to execute local Python hooks during validation. This is a standard testing procedure for verifying that security gates correctly identify and block restricted commands.
- [EXTERNAL_DOWNLOADS]: The skill references established standards and research from trusted organizations, including Anthropic (Agent Skills), the Linux Foundation (Model Context Protocol), and GitHub (Spec Kit). These references are informational and point to official repositories or academic papers.
- [SAFE]: The skill implements and recommends security best practices, such as human-in-the-loop confirmation for file writes, the use of shlex for safe command tokenization, and explicit CODEOWNERS management for agent-facing policy files.
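To make the COMMAND_EXECUTION findings concrete, the following is an added example of the kind of PreToolUse hook the audit describes: a deny-list that tokenizes the proposed shell command with shlex and refuses destructive rm invocations against the filesystem root. It is illustrative code written for this page, not the skill's own pretooluse-hook.py, and its deny rules, the protected-target set, the wrapper-command list, and the stdin JSON shape (tool_name plus tool_input.command, as in Claude Code's PreToolUse hook input, with exit code 2 meaning "block") are assumptions for the example rather than facts taken from the audited skill.

```python
import json
import posixpath
import shlex
import sys

# Constructed deny rules for this example; the audited skill's actual list is not reproduced here.
PUNCTUATION = "();<>|&"  # shlex punctuation_chars default; runs of these become operator tokens
WRAPPERS = {"sudo", "doas", "env", "command", "exec", "nohup", "time"}  # assumed privilege/exec wrappers
PROTECTED_TARGETS = {"/", "/*", "~", "~/", "$HOME", "$HOME/"}  # assumed set of catastrophic rm targets


def tokenize(command: str) -> list:
    """Split like a POSIX shell: quotes are honoured and removed, operators become their own tokens."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)  # raises ValueError on unbalanced quotes


def split_segments(tokens: list) -> list:
    """Break a token stream into simple commands at &&, ||, ;, |, redirections and subshell parens."""
    segments, current = [], []
    for tok in tokens:
        if tok and all(c in PUNCTUATION for c in tok):
            if current:
                segments.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        segments.append(current)
    return segments


def rm_strikes_protected_target(segment: list):
    """Return a reason string if this simple command is a recursive rm aimed at a protected target."""
    i = 0
    # Skip leading VAR=value assignments and wrapper commands so `sudo rm` and `FOO=1 rm` are still seen.
    while i < len(segment) and (
        segment[i] in WRAPPERS or ("=" in segment[i] and not segment[i].startswith("-"))
    ):
        i += 1
    if i >= len(segment) or posixpath.basename(segment[i]) != "rm":
        return None
    recursive = no_preserve_root = end_of_options = False
    targets = []
    for arg in segment[i + 1:]:
        if end_of_options or not arg.startswith("-") or arg == "-":
            targets.append(arg)
        elif arg == "--":
            end_of_options = True
        elif arg.startswith("--"):
            recursive |= arg == "--recursive"
            no_preserve_root |= arg == "--no-preserve-root"
        else:  # bundled short flags such as -rf, -fr, -Rf
            recursive |= "r" in arg or "R" in arg
    if no_preserve_root:
        return "rm invoked with --no-preserve-root"
    if recursive:
        for t in targets:
            if t in PROTECTED_TARGETS or posixpath.normpath(t) in ("/", "//"):
                return f"recursive rm targets protected path {t!r}"
    return None


def is_blocked(command: str):
    """Decide (blocked, reason) for a proposed shell command. Fails closed on unparseable input."""
    try:
        tokens = tokenize(command)
    except ValueError as exc:
        return True, f"could not tokenize command, failing closed: {exc}"
    for segment in split_segments(tokens):
        reason = rm_strikes_protected_target(segment)
        if reason:
            return True, reason
    return False, ""


def main() -> int:
    """Hook entry point: read the tool call from stdin, exit 2 to block (assumed hook contract)."""
    payload = json.load(sys.stdin)
    if payload.get("tool_name") != "Bash":
        return 0
    blocked, reason = is_blocked(payload.get("tool_input", {}).get("command", ""))
    if blocked:
        print(f"PreToolUse hook blocked command: {reason}", file=sys.stderr)
        return 2
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Two design points matter for a gate like this. First, tokenizing with shlex rather than substring-matching means `echo 'rm -rf /'` is allowed while `cd /tmp && rm -rf /`, `sudo rm -r -f '/'` and `/bin/rm -rf /*` are all caught, because the check runs per simple command on the real argv. Second, a command shlex cannot parse (an unbalanced quote, for instance) is blocked rather than waved through; a deny-list that fails open on malformed input is the first thing an adversarial prompt will probe.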
Audit Metadata