remove-ai-comments
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The README.md suggests installation via `npx` from a non-whitelisted GitHub repository (ChambersXDU/enhance-comment). This is an unverified source outside of the trusted organizations list.
- [COMMAND_EXECUTION] (SAFE): The skill executes a local Python script (scripts/comment_density.py). The script's logic is transparent, limited to file reading and line counting, and presents no inherent danger.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface detected (Category 8).
  - Ingestion points: Reads and processes target source code files provided by the user.
  - Boundary markers: No boundary markers or 'ignore embedded instructions' warnings are present in the workflow description.
  - Capability inventory: Executes a local subprocess via `python scripts/comment_density.py`.
  - Sanitization: No validation or sanitization of input data is performed before the file is read or processed.