skills/descope/skills/auth-review/Gen Agent Trust Hub

auth-review

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill is designed as a read-only auditing tool. It explicitly prohibits executing the application, performing network probes, or making outbound requests, limiting its activity to local static analysis and reporting.
  • [SAFE]: Includes a strict data handling policy that requires the redaction of secrets, tokens, and PII from generated reports to prevent accidental data exposure.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it processes untrusted content from the repository's source code, manifests, and documentation files. This ingestion surface lacks explicit boundary markers to isolate code content from the agent's instructional context. However, the skill mitigates potential manipulation through a limited capability inventory—restricted to reading local files and writing reports—and by requiring a mandatory evidence chain for every finding, necessitating specific file/line references and confirmation against the actual code logic.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 08:05 AM