project-discovery
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes common shell utilities (git, find, grep, ls, jq, sed) to extract metadata about the project environment. These operations are conducted locally and are strictly aligned with the skill's purpose of orienting the agent to a new codebase.
- [EXTERNAL_DOWNLOADS]: No network requests (e.g., curl, wget) or external package installations were found. The skill relies entirely on local scripts and files provided within the plugin directory.
- [DATA_EXFILTRATION]: There are no indicators of data being transmitted outside the local environment. Access to files is limited to project manifests and documentation (README.md, package.json, etc.), and no sensitive file paths (like .ssh or .aws) are targeted.
- [PROMPT_INJECTION]: The skill contains internal logic to trigger based on the agent's self-identified uncertainty. These are structural instructions for agent activation and do not attempt to bypass safety filters or override core behavioral constraints.
Audit Metadata