faion-code-quality
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_UNSAFE] (SAFE): No hardcoded API keys, tokens, or passwords were found. The documentation explicitly advises against hardcoding secrets in code review and technical debt checklists.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references reputable development tools and libraries (e.g., radon, safety, mob.sh, SonarQube) as part of its educational content. No suspicious or unverified download sources are present.
- [REMOTE_CODE_EXECUTION] (SAFE): There are no patterns of fetching and executing remote scripts (e.g., curl | bash). Command snippets provided in the documentation are for standard project maintenance (e.g., pip install, pytest).
- [COMMAND_EXECUTION] (SAFE): Although the skill has access to the Bash and Task tools, the provided files do not contain any scripts that perform dangerous or hidden system operations. All shell commands in the documentation are illustrative and intended for the user's local development environment.
- [PROMPT_INJECTION] (SAFE): The llm-prompts.md files contain templates designed to guide the AI in refactoring or analyzing code according to specific methodologies. These templates do not include instructions to bypass safety filters or ignore system constraints.
- [DATA_EXFILTRATION] (SAFE): No network operations or unauthorized file access patterns targeting sensitive data (e.g., .ssh/, .aws/) were identified.
Audit Metadata