quality-detect-refactor-markers
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates as a read-only auditor for technical debt tracking. It uses common utilities like grep, find, and date to identify and age markers in the source code.
- [COMMAND_EXECUTION]: Although the skill utilizes shell commands, the parsing logic for extracting ADR identifiers from source files is constrained to specific numeric patterns (e.g., ADR-(\d+)). This restrictive parsing prevents command injection vulnerabilities that could otherwise arise from processing untrusted file content.
- [DATA_EXFILTRATION]: No network activity or external communication patterns were identified. The skill's functionality is strictly confined to the local project environment.
- [PROMPT_INJECTION]: A review of the instructional text and metadata confirms the absence of any patterns intended to override agent behavior, bypass safety guardrails, or leak system prompts.
Audit Metadata