grey-haven-code-quality-analysis
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (PROMPT_INJECTION, NO_CODE)
Full Analysis
- PROMPT_INJECTION (LOW): The skill possesses an attack surface for Indirect Prompt Injection (Category 8) due to its intended use case. Evidence Chain:
  1. Ingestion points: The skill is designed to read and analyze project code files using tools like Read, Grep, and Glob.
  2. Boundary markers: There are no explicit instructions or delimiters in the markdown files to prevent the agent from executing instructions embedded within the analyzed code.
  3. Capability inventory: The skill is associated with high-privilege tools including Edit, Write, SendMessage, TaskCreate, and Teammate.
  4. Sanitization: No sanitization or escaping mechanisms are documented for the external data ingested during the analysis process.
- NO_CODE (SAFE): The skill consists entirely of metadata and markdown documentation. It does not include any Python scripts, Node.js packages, or shell commands, significantly reducing the risk of direct malicious behavior or remote code execution.
Audit Metadata