code-quality-pipeline
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill defines a legitimate development workflow for code quality improvement and does not exhibit malicious patterns. It primarily serves as a guide for using existing MCP tools like smart-reviewer and test-generator to analyze and improve local source code.
- [PROMPT_INJECTION]: The skill is designed to process untrusted source code as part of its core functionality, which inherently presents a surface for indirect prompt injection. However, this is consistent with the skill's primary purpose and is managed within the context of developer tools.
- Ingestion points: Local source code files identified via git commands or manual paths are ingested by the
batch_review,apply_auto_fixes, andwrite_test_filetools. - Boundary markers: The documentation does not specify the use of delimiters or explicit 'ignore embedded instruction' warnings for the code content being processed.
- Capability inventory: The skill utilizes tools with file-read (
batch_review) and file-write (apply_auto_fixes,write_test_file) capabilities to perform its tasks. - Sanitization: No explicit sanitization or filtering of the code content before analysis by the agent is described in the provided workflow files.
Audit Metadata