ln-512-tech-debt-cleaner
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill dynamically identifies and executes lint and type-checking commands based on the project's environment and the configurations discovered by
shared/references/ci_tool_detection.md. This allows for the execution of arbitrary shell commands if repository configuration files (e.g.,package.json,Makefile,Gemfile) are manipulated by an attacker. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by consuming data from external audit reports.
- Ingestion points: The agent parses findings and actions from
docs/project/codebase_audit.md, which is an external document potentially influenced by untrusted sources or previous agent steps. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard embedded commands or formatting within the audit report content, increasing the risk of the agent obeying malicious instructions embedded in the findings.
- Capability inventory: The skill possesses the ability to modify source code using the
Edittool, executegitcommands, and run shell-based CI tools. - Sanitization: The skill implements a verification step using
grepto confirm findings, which acts as a partial validation of the finding's existence, but it lacks comprehensive sanitization or filtering of the input findings themselves against malicious directives.
Audit Metadata