refine
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill ingests data from the project root (e.g., package.json, CLAUDE.md) to inform its audit.
  - Ingestion points: Project configuration files and metadata gathered by the scan script.
  - Boundary markers: No explicit delimiters are used in the scan output.
  - Capability inventory: Bash, Read, Write, and Edit tools.
  - Sanitization: No pre-processing is performed, but all resulting actions require user consent.
- Command Execution (SAFE): The tool executes a bundled bash script for local project discovery. The script is read-only and well-scoped.
- Dynamic Execution (SAFE): The scanner script uses `node -e` for parsing JSON, which is a standard local operation for this utility.
Audit Metadata