eval-skills
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill ingests and parses content from local SKILL.md files to perform its audit. This creates a surface for indirect prompt injection, where content within the audited files could theoretically contain instructions designed to manipulate the final report or scoring results. However, since the tool is intended for local project maintenance and does not involve executing the analyzed content, the risk is minimal and inherent to the skill's purpose.
- [SAFE]: No malicious behaviors, data exfiltration patterns, or unauthorized system modifications were detected. The use of Bash for file discovery via the 'find' command is restricted to project directories and is consistent with the skill's stated utility.
Audit Metadata