trace-it
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill utilizes bash commands `grep`, `find`, and `git` for local code analysis. These tools are industry standard for dependency tracing and do not involve arbitrary command execution or risky network requests.
- DATA_EXPOSURE (SAFE): The skill reads local files in the `src/` directory to identify function callers. There is no evidence of attempts to access sensitive system files (e.g., ~/.ssh) or transmit data externally.
- INDIRECT_PROMPT_INJECTION (SAFE): The skill possesses a data ingestion surface by reading project source files, but the potential for malicious instructions is mitigated by a lack of destructive tools or network access.
  - Ingestion points: Project source files in `src/` (referenced in SKILL.md).
  - Boundary markers: The skill provides structured markdown templates for the agent to document its analysis.
  - Capability inventory: `grep`, `find`, `git`, and `file: read`. No network, write, or privilege escalation capabilities are present.
  - Sanitization: While no explicit content sanitization is mentioned, the limited toolset prevents successful exploitation of injected instructions.