ln-162-skill-reviewer
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill orchestrates the execution of local shell utilities, including `git`, `grep`, `sed`, `wc`, and `find`, to perform its primary function as a linter and reviewer. This behavior is consistent with the skill's stated purpose and limited to the local repository environment.
- [SAFE]: No malicious patterns or security risks were identified across the 10 evaluated threat categories.
- [PROMPT_INJECTION]: The skill processes external markdown files (`SKILL.md` and `.claude/commands/*.md`), representing a potential indirect prompt injection surface. However, this is inherent to its role as a reviewer.
  - Ingestion points: Local file reading within the repository scope (e.g., `ln-*/SKILL.md`).
  - Boundary markers: None explicitly used to delimit untrusted file content.
  - Capability inventory: Access to shell execution (`bash`) and file modification (`Edit` tool).
  - Sanitization: Scripts use standard shell quoting for variables (e.g., `"$f"`) to mitigate simple command injection during processing.
- [DATA_EXFILTRATION]: No network-enabled commands or requests to external domains were found. The skill does not access sensitive system paths such as credentials or private keys.
- [EXTERNAL_DOWNLOADS]: The skill does not perform any remote downloads or fetch external scripts/packages at runtime.
Audit Metadata