code-quality-audit
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface by ingesting and analyzing untrusted source code provided by users.
  * Ingestion points: The skill parses source code files or directories provided by users for the audit phase (SKILL.md).
  * Boundary markers: Absent. The instructions do not specify the use of delimiters or warnings to ignore instructions that might be embedded within the provided code comments or strings.
  * Capability inventory: The skill utilizes file read capabilities for analysis and file write capabilities to generate markdown reports (audit.md and improvements.md) within a 'code-audit' directory. It does not utilize network access or shell execution.
  * Sanitization: Absent. There is no logic provided to sanitize or validate the content of the source code before it is incorporated into the agent's context and output.
Audit Metadata