gap-analysis

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a bash script, scripts/scan-gaps.sh, that runs the rg (ripgrep) utility. It performs read-only searches for specific patterns (such as 'TODO', 'FIXME', or 'NotImplemented') in the project's source code to support gap analysis.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it ingests and processes untrusted data from the codebase.
    • Ingestion points: Content is read from files in the backend and frontend directories via the rg command in scripts/scan-gaps.sh.
    • Boundary markers: None are explicitly used to wrap the output of the rg searches.
    • Capability inventory: The skill primarily performs read-only searches; it shows no capability for network exfiltration, file modification, or arbitrary code execution beyond the predefined search patterns.
    • Sanitization: There is no evidence that content read from files is sanitized before it is presented to the agent's context.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 2, 2026, 08:08 AM