ln-512-tech-debt-cleaner
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill is configured to download shared reference files, such as clean code checklists and integration patterns, from the author's GitHub repository if they are not found locally.
- [COMMAND_EXECUTION]: Shell commands are executed via Bash to manage git staging and commits, and to run project-specific verification tools like linters and type-checkers to validate changes.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it derives its modification targets and actions from an external report file (docs/project/codebase_audit.md).
  * Ingestion points: Reads findings and auto-fix instructions from docs/project/codebase_audit.md (Workflow Step 1).
  * Boundary markers: No explicit markers are used to encapsulate or delimit findings from instructions within the parsed report.
  * Capability inventory: Includes tool access for reading, grepping, and editing files, as well as executing shell commands via Bash.
  * Sanitization: Employs verification steps including a 90% confidence threshold, reference checking for unused code via Grep, and automated build integrity validation (lint/typecheck) before committing changes.
Audit Metadata