Skills
skills/camoa/claude-skills/code-pattern-checker/Gen Agent Trust Hub

code-pattern-checker

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill instructs the agent to use WebFetch to retrieve documentation from https://camoa.github.io/dev-guides/. While these are intended as coding standards, fetching content from non-whitelisted domains at runtime is a risk vector.
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection vulnerability surface (Category 8).
  • Ingestion points: The skill fetches guidelines from https://camoa.github.io/dev-guides/ to determine how to analyze code.
  • Boundary markers: Absent. The agent is directed to load these before checking code without specific delimiters or isolation instructions.
  • Capability inventory: Bash (used for git diff), Read (used for local files).
  • Sanitization: Absent. Malicious instructions placed on the external GitHub Pages site could influence the agent to overlook security flaws or misreport analysis results.
  • [COMMAND_EXECUTION] (SAFE): The skill uses Bash to run git diff --name-only, which is a legitimate use case for a code review tool and has a narrow scope of execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:36 PM