ln-511-code-quality-checker
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes Model Context Protocol (MCP) tools, such as ref_search_documentation and query-docs, to retrieve external documentation for validating code optimality and best practices. These are used as intended for research and do not involve executing untrusted remote scripts.
- [COMMAND_EXECUTION]: The workflow includes static analysis tasks such as calculating cyclomatic complexity and searching the repository for duplicate logic (DRY violations) or dead code using pattern matching. These operations are limited to the local codebase for auditing purposes.
- [PROMPT_INJECTION]: The skill processes untrusted data which presents a surface for indirect prompt injection.
  - Ingestion points: Implementation tasks and story descriptions are loaded from Linear (SKILL.md Step 2); repository source code is read for analysis (SKILL.md Step 7).
  - Boundary markers: The workflow does not specify the use of delimiters or instructions to ignore embedded prompts within the ingested data.
  - Capability inventory: The skill has capabilities to read local files, perform external searches via MCP tools, and post findings as comments to the Linear platform.
  - Sanitization: There are no explicit sanitization or filtering steps mentioned for the content retrieved from external tasks or local source files.
Audit Metadata