architecture-validate-srp
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell scripts that run commands like grep and find on user-provided paths. While scripts use quoting, this pattern requires the agent to prevent access to sensitive directories.
- [PROMPT_INJECTION]: The skill processes external source code which may contain malicious instructions. Ingestion points: Code content from Read, Grep, and ast-grep tools. Boundary markers: None present to isolate code from instructions. Capability inventory: Execution of local scripts and file searches. Sanitization: No content filtering before processing.
- [EXTERNAL_DOWNLOADS]: The documentation suggests installing the radon package, which is a standard and trusted utility for Python code metrics.
Audit Metadata