health-check
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill runs standard quality gate commands (e.g., npx tsc, npx vitest, npx eslint) which are hardcoded in the skill's scripts. These are benign diagnostic commands.
- [EXTERNAL_DOWNLOADS]: Utilizes npx to execute tools, which may download packages from the npm registry. As npm is a well-known and trusted service, this is considered safe behavior.
- [PROMPT_INJECTION]: The skill processes untrusted repository content through diagnostic tools, creating a surface for indirect prompt injection.
  - Ingestion points: Tool outputs in scripts/run-health-check.sh read the codebase.
  - Boundary markers: SKILL.md contains explicit 'NEVER' instructions to stop the agent from analyzing or reacting to the tool output.
  - Capability inventory: Limited to diagnostic shell commands with no file-write or external network access.
  - Sanitization: The bash script sanitizes output by truncating text and removing control characters before returning a summary to the agent.
Audit Metadata