codebase-readiness
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill performs its stated function as a codebase assessment tool and contains no malicious code or suspicious behaviors. All identified external resources are owned by the author.
- [COMMAND_EXECUTION]: The skill executes a bundled script (scripts/recon.sh) and various shell snippets to gather codebase statistics and structure. These commands are functional and scoped to the project directory.
- [PROMPT_INJECTION]: The assessment sub-agents process untrusted project documentation, creating an indirect prompt injection surface where local files (like CLAUDE.md) could attempt to influence the evaluation result.
  - Ingestion points: SKILL.md assessment prompts.
  - Boundary markers: Sections labeled in prompt composition.
  - Capability inventory: Shell access for diagnostic commands.
  - Sanitization: None.
- [EXTERNAL_DOWNLOADS]: The skill suggests installing btar for continuous tracking. This is a build analysis tool provided by the author and is documented neutrally as a functional recommendation.