deep-audit
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script
run_phase_checks.jsexecutes standard development lifecycle commands (e.g.,npm run build,lint) to verify code quality. The execution is limited to predefined script names found within the project'spackage.jsonand uses the standardspawnSyncmethod.\n- [PROMPT_INJECTION]: The skill processes untrusted repository files, which presents a surface for indirect prompt injection. This is a necessary component of an audit tool and is mitigated by structured phases and human-in-the-loop confirmation. Mandatory evidence for this surface: \n - Ingestion points: The agent reads all source files and documentation within the defined audit scope (e.g.,
project,section, orfeature-trace).\n - Boundary markers: The skill uses structured markdown templates (e.g.,
audit-map.md,section-audit.md) to separate agent analysis from repository evidence, although it does not use explicit 'ignore instructions' delimiters for the ingested code content.\n - Capability inventory: The skill possesses file system write access for audit artifacts and subprocess execution capabilities for build/test tools via
run_phase_checks.js.\n - Sanitization: Input values for the audit scope and section names are processed through a
slugifyfunction to ensure safe filename and path construction, preventing directory traversal attacks.
Audit Metadata