code-error-swallowing
Fail
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: CRITICAL
Full Analysis
- [SAFE]: The skill's primary purpose is code quality and security auditing, focusing on detecting suppressed error signals.
- [SAFE]: Includes explicit privacy redaction rules (defined in SKILL.md and REFERENCE-surfacing.md) to ensure tokens, keys, and home directory paths are removed from generated reports and patches before they are displayed to the user.
- [SAFE]: Dynamic context injection via the
!command is used appropriately for project discovery (using thefindcommand) to determine which language-specific logic to apply. These commands do not execute arbitrary user input or access sensitive system files. - [SAFE]: The automated scan alert for
REFERENCE-go.md(MD:HttpRequest-inf) is a false positive. The file contains technical documentation strings for Go networking functions (likehttp.Postandhttp.Client.Do) to guide the scanner in identifying unhandled errors, rather than being part of an actual HTTP exploit payload.
Recommendations
- CRITICAL: 1 infected file(s) detected - DO NOT USE
Audit Metadata