Skills
skills/brite-nites/britenites-claude-plugins/code-quality/Gen Agent Trust Hub

code-quality

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill identifies the project stack by reading local files, creating a surface for indirect prompt injection. • Ingestion points: Reads marker files like package.json, pyproject.toml, and tsconfig.json from the project workspace. • Boundary markers: No explicit markers are used to delimit untrusted project data. • Capability inventory: The skill can write configuration files and execute shell commands via package managers. • Sanitization: Project file content is used to drive logic without explicit validation.
  • [COMMAND_EXECUTION]: The skill generates and suggests shell commands (e.g., npm install, ruff check) for both local environments and automated CI/CD workflows.
  • [EXTERNAL_DOWNLOADS]: The skill downloads standard utilities and GitHub Actions from trusted organizations and official registries (NPM, PyPI, and GitHub).
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 08:06 PM