ln-740-quality-setup
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill is configured to fetch shared configuration files and templates from the author's official GitHub repository (
https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/) when local resources are unavailable. - [COMMAND_EXECUTION]: The verification phase involves running shell commands to confirm tool functionality, including
npm run lint,npm test,ruff check,pytest,dotnet format, anddotnet test. - [REMOTE_CODE_EXECUTION]: The skill acts as an orchestrator, delegating specific configuration tasks to specialized child skills (
ln-741,ln-742, andln-743) through direct skill tool invocation. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8) as it performs discovery by reading project-controlled files like
package.jsonandpyproject.toml. These files are processed without explicit boundary markers or sanitization, and the resulting data influences subsequent tool selection and command execution. However, this is inherent to the primary function of a build/quality coordinator and does not demonstrate malicious intent.
Audit Metadata