static-bug-detector
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [SAFE]: No malicious patterns detected. The skill definition and referenced detection patterns are purely instructional and do not involve any command execution, network activity, or sensitive data access.
- [NO_CODE]: The skill consists of Markdown files containing guidelines and examples for the AI to follow. No scripts (Python, JavaScript, Shell) or compiled binaries are included in the package.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface: The skill is designed to ingest and process source code provided by users, which constitutes a surface for indirect prompt injection. However, because the skill defines no dangerous capabilities (such as tool use, file system writing, or network requests), the impact of an injection would be limited to the context of the generated analysis report and does not pose a systemic risk.
  - Ingestion points: Source code snippets provided by the user for analysis.
  - Boundary markers: The skill instructions and examples utilize standard Markdown code blocks for delimiters.
  - Capability inventory: None. The skill does not define any subprocess calls, file operations, or network tools.
  - Sanitization: Not explicitly implemented in the prompt instructions, though the output is restricted to a structured Markdown report.