Skills
skills/levnikolaevich/claude-code-skills/ln-624-code-quality-auditor/Gen Agent Trust Hub

ln-624-code-quality-auditor

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to invoke external utilities such as radon, gocyclo, and eslint-plugin-complexity. This involves executing commands that interact with external file paths.- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from an external codebase.
  • Ingestion points: Files and directory structures located within the scan_path (SKILL.md).
  • Boundary markers: The instructions lack explicit boundary markers or delimiters to isolate untrusted file content from the agent's internal logic.
  • Capability inventory: The skill possesses significant capabilities including Read, Grep, Glob, and Bash execution (SKILL.md).
  • Sanitization: There is no mention of sanitizing, escaping, or validating the external content before it is analyzed or included in the audit report.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 04:09 PM