skills/ggwicz/skills/tidy-code/Gen Agent Trust Hub

tidy-code

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The 'tests/run-tests.sh' script clones the 'bats-core' repository from GitHub. This is a legitimate download of a standard testing tool used to verify the skill's file discovery script.
  • [COMMAND_EXECUTION]: The skill uses a local bash script ('scripts/scan-source-files.sh') to identify application and test files for review. This script is well-defined and performs standard file system traversal using 'git' or 'find'.
  • [PROMPT_INJECTION]: The skill analyzes user-provided source code, which introduces an indirect prompt injection surface.
      • Ingestion points: Project files read by the 'Read' tool in 'SKILL.md' and processed by sub-agents.
      • Boundary markers: No specific boundary markers or 'ignore' instructions are provided when passing the source code content to the 'Task' sub-agents.
      • Capability inventory: The skill is authorized to read/write files and manage sub-tasks, but lacks broad network or system administrative access.
      • Sanitization: The skill does not sanitize or escape the content of the source code files before analysis.
Audit Metadata
  Risk Level: SAFE
  Analyzed: May 4, 2026, 01:57 AM