eval-code-quality

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill intentionally executes build and type-checking commands including npm run build and npx tsc --noEmit. These are standard tools used to verify the functional integrity of a codebase.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by ingesting untrusted project data that influences its execution.
      • Ingestion points: The skill reads spec.md, plan.md, tsconfig.json, package.json, and changed files (git diffs) from the project being evaluated.
      • Boundary markers: There are no explicit instructions or delimiters used to ensure the agent treats the content of these files strictly as data rather than instructions.
      • Capability inventory: The skill has the capability to execute shell commands (npm, npx) based on the configuration found in the ingested files.
      • Sanitization: No validation or sanitization of the scripts defined in package.json or configurations in tsconfig.json is performed prior to execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 21, 2026, 04:10 AM