validating-project
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using standard tools (make, pnpm, uv, cargo, go) to perform project validation and code quality checks.
- [PROMPT_INJECTION]: The skill represents an indirect prompt injection surface by executing commands or scripts defined in project files like Makefile or package.json which could be attacker-controlled. * Ingestion points: package.json, pyproject.toml, Cargo.toml, go.mod, Makefile, CLAUDE.md (SKILL.md). * Boundary markers: Absent. * Capability inventory: Executes shell commands via package managers and build tools. * Sanitization: Absent.
Audit Metadata