js-agents-entropy-scan

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes several shell commands and Unix utilities—including rg (ripgrep), grep, ls, awk, and wc—to perform static analysis on source code files. These operations are restricted to the local js/agents directory as part of its primary functionality for code 'entropy' scanning.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: While the skill reads local source code files to identify patterns (like console logs or missing JSDoc), there are no network operations or external URLs present that would facilitate data exfiltration.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted local data (JavaScript source code) which serves as an ingestion surface. However, it performs specific pattern matching rather than open-ended instruction processing, making the risk of indirect prompt injection minimal in this context.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 08:49 AM