move-code-quality
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS NO_CODE
Full Analysis
- [External Downloads] (LOW): The README.md file contains manual installation instructions directing users to `git clone` a repository from an untrusted GitHub account (1NickPappas/move-code-quality-skill). Users should verify the contents of external repositories before adding them to their local environment.
- [Indirect Prompt Injection] (LOW): The skill's primary purpose is to ingest and analyze Move language code packages. This creates an attack surface for indirect prompt injection, where malicious instructions embedded in comments or code within a Move file could attempt to influence the agent's behavior.
  - Ingestion points: Move source code files and package manifests (README.md).
  - Boundary markers: Absent in provided documentation; likely depends on the missing SKILL.md definition.
  - Capability inventory: Code analysis, checklist validation, and recommendation generation (README.md).
  - Sanitization: Not specified in the provided documentation.
- [No Code Detected] (SAFE): The analyzed files consist solely of Markdown documentation and a license. The core functional components of the skill, specifically the `SKILL.md` file and the rule definitions in the `checklist/` directory mentioned in CONTRIBUTING.md, were not provided for analysis.
Audit Metadata