technical-debt-assessment
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The code quality scanner in SKILL.md reads and parses external files, which could contain malicious instructions meant to influence the agent's behavior during report processing. (1) Ingestion points: CodeQualityScanner.scanFile (using fs.readFileSync). (2) Boundary markers: Absent. (3) Capability inventory: Reads local files. (4) Sanitization: None.
- DATA_EXPOSURE (LOW): The scanner's ability to read local files could be abused to access sensitive configuration or credential files if the agent is not properly restricted to specific code directories.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE