techdebt
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local commands such as 'sl' (Sapling) and 'arc' (Arcanist) to manage source code and perform linting. These are standard tools in specific development workflows (e.g., Meta/Phabricator).
- [PROMPT_INJECTION]: The skill processes external code files, which is a potential attack surface for indirect prompt injection. However, the skill's instructions focus on removing or refactoring code rather than executing it as instructions.
  - Ingestion points: Code content retrieved via 'Read', 'Glob', and 'sl diff'.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when processing file content.
  - Capability inventory: 'Bash', 'Edit', and 'Write' tools are available.
  - Sanitization: No explicit sanitization of file content is performed before analysis.