code-quality
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill uses
grepfor usage analysis and executes standard development linters (e.g.,eslint,ruff,go vet). These commands are standard for software development and are used within their intended scope. - EXTERNAL_DOWNLOADS (SAFE): The skill references installation commands for well-known linters and formatters from established registries (npm, PyPI, Go, etc.). These are trusted tools in the development community and no suspicious third-party sources were identified.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection (Category 8) due to its core function of reading and processing untrusted codebase content.
- Ingestion points: Source code files are read and interpreted via the
explore-codebaseagent andgrepsearches in Phases 1 and 3. - Boundary markers: Absent; the workflow does not implement specific delimiters or warnings to ignore instructions embedded in the analyzed code.
- Capability inventory: The skill has capabilities to modify the file system (Phase 5), execute shell commands (Phases 4 and 6), and task subagents.
- Sanitization: Absent; the skill relies on the AI agent's internal reasoning to identify violations and perform 'Precision Correction' without explicit input sanitization.
Audit Metadata