agent-ready-codebase

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directs the agent to execute various language-specific test and coverage tools (such as pytest, jest, and go test) to evaluate codebase health. These operations are essential to the skill's primary function of project auditing.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes untrusted project configuration files to determine the tech stack and execute commands.
      • Ingestion points: Project metadata files including package.json, go.mod, Gemfile, pyproject.toml, and Cargo.toml.
      • Boundary markers: None identified; the skill does not explicitly use delimiters to isolate file content from instructions.
      • Capability inventory: Execution of arbitrary shell commands through the project's native test runners and coverage tools as listed in references/checklist.md.
      • Sanitization: None identified; the skill relies on the existing project configuration to define execution parameters.
  • [SAFE]: Analysis of the instructions and reference materials found no evidence of malicious intent, credential theft, or unauthorized network activity.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 24, 2026, 04:22 AM