code-metrics-analysis

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implementation follows secure coding practices for its intended purpose of static code analysis. All logic is transparent and utilizes standard libraries.
  • [COMMAND_EXECUTION]: The provided TypeScript and Python examples perform local file system operations to read source code files for metric calculation. These actions are restricted to reading the project files provided by the user.
  • [EXTERNAL_DOWNLOADS]: The GitHub Actions workflow example uses official actions from the 'actions' organization to facilitate CI/CD integration. These are trusted, well-known services.
  • [DATA_EXFILTRATION]: No network operations or data transmission patterns were identified. The scripts focus solely on local analysis and report generation.
  • [PROMPT_INJECTION]: The skill ingests source code from local files. While this represents a theoretical indirect injection surface, the tool calculates structural metrics and does not execute or interpret content as instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 4, 2026, 05:20 PM