Skills
skills/artimath/effect-skills/effect-deep-audit/Gen Agent Trust Hub

effect-deep-audit

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to clone the official Effect-TS repository from GitHub to use as a source of truth for idiomatic patterns.
  • Evidence: git clone https://github.com/Effect-TS/effect in SKILL.md.
  • [COMMAND_EXECUTION]: Uses local shell utilities such as rg (ripgrep) and wc to perform reconnaissance and classification of findings within the target codebase.
  • Evidence: Multiple rg and wc command blocks in SKILL.md.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it ingests and analyzes external source code from target projects. If the audited code contains malicious instructions in comments or string literals, it could influence the agent's behavior during the audit or rewriting process.
  • Ingestion points: Target codebase files (e.g., src/**/*.ts) mentioned in SKILL.md.
  • Boundary markers: None specified to differentiate between instructions and data.
  • Capability inventory: Includes command execution (rg, git, wc) and file-writing capabilities (systematic rewriting of non-idiomatic code).
  • Sanitization: No sanitization or validation of the audited content is mentioned.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 08:16 PM