ws-verifier
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized operations were detected. The skill is designed for read-only analysis of project files and writing only to a specific session state file.
- [PROMPT_INJECTION]: The skill ingests untrusted data by reading implementation files and documentation, which constitutes an indirect prompt injection surface. However, the risk is negligible due to the absence of dangerous tools.
- Ingestion points: implementation files in the
files_changedarray and project documentation files (SKILL.md, Steps 1.2 and 1.3). - Boundary markers: No explicit delimiters or markers are used to separate file content from the agent's internal instructions.
- Capability inventory: The skill is restricted to reading local files and writing only to the
.ws-session/verifier.jsonsession file. It has no access to the network, shell, or arbitrary code execution (eval/exec). - Sanitization: There is no mention of sanitizing or escaping the content of the files being reviewed.
Audit Metadata