health
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes standard auditing commands such as npm audit and pip-audit, along with file system operations like mkdir and find. These actions are appropriate for its stated function of codebase analysis.
- [DATA_EXFILTRATION]: The tool accesses codebase files to identify potential security risks like hardcoded secrets. It saves results locally and does not demonstrate any network exfiltration behavior.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from external codebases. Ingestion points include all files within the target project. There are no boundary markers or explicit sanitization steps for analyzed code, but the risks are mitigated by the lack of high-privilege secondary capabilities.