readiness-report
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/analyze_repo.pyutilizessubprocess.runto execute standard version control tools (git,gh,glab). The commands are implemented as fixed lists of arguments, which prevents shell injection vulnerabilities. The use of thecwdparameter ensures that command execution is scoped to the target repository directory. - [DATA_EXPOSURE]: The analysis process involves reading various project files and environment templates (e.g.,
.eslintrc,pyproject.toml,.env.example) to identify technical pillars and maturity signals. This data access is localized to the repository path provided and is consistent with the skill's stated purpose of evaluation. - [PROMPT_INJECTION]: As a repository scanner, the skill processes untrusted data from the analyzed codebase (ingestion points:
RepoAnalyzer._read_fileandRepoAnalyzer._search_filesinscripts/analyze_repo.py). While this presents an indirect prompt injection surface where malicious repository content could attempt to influence the agent's interpretation of the generated report, the scripts do not dynamically execute this content and focus purely on regex-based detection of criteria.
Audit Metadata