Skills
skills/iamzifei/show-me-the-money/money-quality/Gen Agent Trust Hub

money-quality

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements automated security audits using recognized tools such as npm audit, pip audit, and govulncheck to identify vulnerabilities in dependencies.
  • [SAFE]: All shell command execution is scoped to standard development workflows including linting, type-checking, and testing frameworks like ESLint, MyPy, and Jest.
  • [DATA_EXFILTRATION]: The skill specifically instructs the agent to detect and flag hardcoded secrets, API keys, or credentials within the code being reviewed, which is a standard defensive security practice.
  • [SAFE]: No instances of obfuscation, remote code execution from unknown sources, or privilege escalation attempts were found.
  • [PROMPT_INJECTION]: The skill inherently processes untrusted data (code diffs and PR bodies) during the code review phase, creating a surface for indirect prompt injection. However, this is a necessary component of its primary function as a QA and security auditor.
Audit Metadata
Risk Level
SAFE
Analyzed
May 5, 2026, 05:47 PM