ln-613-code-comments-auditor
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches auxiliary configuration files, templates, and contracts from the author's GitHub repository (levnikolaevich/claude-code-skills) if they are not present in the local environment.
- [COMMAND_EXECUTION]: Uses Bash and Grep commands to scan source files, identify forbidden patterns (like dates or authors in comments), and calculate the comment-to-code ratio.
- [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection as it is designed to ingest and process comments from external, potentially untrusted source code.
  - Ingestion points: Reads source files using standard file access and Grep tools.
  - Boundary markers: Relies on external contracts (audit_worker_core_contract.md) rather than defining specific delimiters in the skill body.
  - Capability inventory: Uses Bash, Grep, Read, and Glob tools to interact with the filesystem.
  - Sanitization: No specific sanitization or filtering logic is described for the content of the comments being audited.
Audit Metadata