Skills
skills/thulr/informed-skills/project-agentification/Gen Agent Trust Hub

project-agentification

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a security auditing and hardening framework designed to identify and mitigate risks such as prompt injection and unauthorized command execution. Its core components are defensive in nature.
  • [PROMPT_INJECTION]: The skill includes heuristics in references/playbooks/instruction-surface.md (e.g., heuristic H5) for detecting prompt injection patterns in other repository files. These instructions guide the agent on how to audit a repository for vulnerabilities, such as instructions to 'ignore previous instructions', rather than attempting to bypass the agent's own safety guidelines.
  • [COMMAND_EXECUTION]: The skill contains a templates/artifacts/gates/pretooluse-hook.py script and a templates/artifacts/gates/pretooluse-hook-test.py test fixture. These utilize Python's shlex and subprocess modules to parse, analyze, and block potentially destructive shell commands (e.g., rm -rf /). These are security enforcement and validation tools intended to be scaffolded into target repositories to prevent agent-driven accidents or exploits.
  • [EXTERNAL_DOWNLOADS]: The skill references well-known and trusted GitHub Action repositories, such as actions/checkout and actions/attest-build-provenance, within its CI templates. These are standard industry tools for software development and automated security attestations and do not originate from untrusted or suspicious sources.
  • [SAFE]: (Indirect Prompt Injection Analysis)
  • Ingestion points: The skill reads configuration and instruction files from the target repository, such as AGENTS.md, SKILL.md, and other documentation files, to assess their readiness for AI agents.
  • Boundary markers: The skill employs distinct analysis personas (defined in references/lenses.md) and dedicated playbooks to isolate different perspectives (e.g., adversarial vs. auditor) during the evaluation process.
  • Capability inventory: The skill has the ability to write files to the repository (scaffold intent) and execute commands via the harness's shell tools for diagnostics and testing.
  • Sanitization: The skill implements robust shell command parsing and blocking via the pretooluse-hook.py template and requires explicit human confirmation for all file-write operations as part of its 'preview-then-write' workflow.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 09:47 PM
Security Audit — agent-trust-hub — project-agentification