code-quality
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Shell tool to execute various commands, including pnpm run lint, pnpm exec tsc, and multiple grep patterns, to analyze the codebase for quality issues.
- [COMMAND_EXECUTION]: Employs node -e to execute inline JavaScript scripts for complex tasks such as file system traversal, line counting, and naming convention validation.
- [COMMAND_EXECUTION]: Includes a PowerShell script block designed to detect consecutive lines of commented-out code, which is executed via the Shell tool when supported by the environment.
- [DATA_EXPOSURE_AND_EXFILTRATION]: While the skill analyzes the codebase for the presence of the Cognite SDK client (new CogniteClient), this is performed locally via grep to ensure proper dependency injection and does not involve transmitting credentials externally.
- [PROMPT_INJECTION]: The skill includes an instructional surface where it reads and processes source code containing comments and string literals. This represents an indirect prompt injection surface, as an agent might encounter instructions embedded in code comments, though the skill's logic is primarily focused on pattern matching and reporting rather than executing instructions found within the data.
  - Ingestion points: Reads source code files (.ts, .tsx) from the src/ directory using the Grep and Read tools.
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore embedded instructions within the source files.
  - Capability inventory: The skill has access to the Shell, Write, Read, Glob, and Grep tools, allowing it to modify files and execute commands based on its analysis.
  - Sanitization: There is no evidence of sanitization or filtering of the source code content before it is processed by the agent.