tech-debt-audit
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various local development and audit tools including git, rg, ast-grep, npm audit, pip-audit, and cargo audit. These operations are consistent with the skill's documented purpose of performing a technical debt audit and architectural review.
- [EXTERNAL_DOWNLOADS]: The documentation provides installation instructions that fetch the skill manifest from the author's GitHub repository (ksimback/tech-debt-skill). This is a standard distribution pattern for agent skills and uses a well-known service.
- [PROMPT_INJECTION]: The skill processes untrusted data from the codebase being audited, creating a surface for indirect prompt injection. This is inherent to the functionality of a code analysis tool.
  - Ingestion points: Processes all files in the current repository, README.md, package manifests, and git log output.
  - Boundary markers: No specific delimiters or instructions to ignore embedded instructions are used when processing codebase content.
  - Capability inventory: The skill can execute shell commands (audit tools) and write files (TECH_DEBT_AUDIT.md) based on its analysis.
  - Sanitization: No explicit sanitization or filtering of the ingested code content is performed before the model analyzes it.
Audit Metadata