code-hygiene
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill's behavior matches its stated purpose of reviewing source code for maintainability principles across different programming languages.
- [PROMPT_INJECTION]: The skill exhibits an inherent surface for indirect prompt injection because it processes untrusted source code content. Ingestion points: Application source code files identified by the
scripts/scan-source-files.shutility. Boundary markers: The workflow instructions do not define delimiters or provide specific warnings to the agent to ignore instructions embedded in code comments or strings. Capability inventory: The skill usesBash,Read, andWritetools to scan project directories and generate finding reports. Sanitization: No explicit sanitization or filtering of code content is performed before analysis. This surface is considered a low-risk factor associated with the tool's primary purpose.
Audit Metadata