Skills
skills/levnikolaevich/claude-code-skills/ln-623-code-principles-auditor/Gen Agent Trust Hub

ln-623-code-principles-auditor

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform Grep and Glob operations for codebase scanning. This is a primary function of the auditor, but shell access is a powerful capability that requires trust in the scan parameters.
  • [EXTERNAL_DOWNLOADS]: The diagram.html file references the Mermaid.js library from the jsDelivr CDN to render workflow visualizations. This is a common and standard reference for documentation purposes.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8) during its analysis of untrusted repository content.
  • Ingestion points: The skill reads source code and file metadata using the Read and Grep tools across the scan_path.
  • Boundary markers: The workflow does not define specific delimiters or instructions to distinguish the audited code content from the worker's operational logic, which could lead the agent to follow instructions embedded in code comments.
  • Capability inventory: The worker has the ability to read and write files and execute bash commands within its environment.
  • Sanitization: There is no evidence of sanitization or filtering logic applied to the ingested code before it is processed by the language model.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 8, 2026, 03:02 PM