tech-debt-tracker
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides various shell commands and generates a local script (detect_debt.sh) to analyze code complexity and search for debt markers.
- [EXTERNAL_DOWNLOADS]: Suggests the installation of the jscpd package from the npm registry for duplicate code detection.
- [PROMPT_INJECTION]: Contains an indirect prompt injection surface.
  - Ingestion points: Scans local files for strings like TODO and FIXME using grep.
  - Boundary markers: None identified.
  - Capability inventory: Execution of shell commands and script generation.
  - Sanitization: No filtering or escaping of file content before analysis.