Skills
skills/montagao/skills/repo-elegance-review/Gen Agent Trust Hub

repo-elegance-review

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes standard system utilities including ls, rg, find, and git status to perform repository mapping and metadata collection as described in the SKILL.md workflow. These tools are used for read-only filesystem inspection and do not pose a security risk.\n- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes untrusted content from external software repositories.\n
  • Ingestion points: The skill reads project files such as README.md and configuration manifests like package.json or pyproject.toml to evaluate the repository structure.\n
  • Boundary markers: Absent; there are no defined markers in the prompt instructions to separate analyzed file content from the agent's core instructions.\n
  • Capability inventory: The agent utilizes file listing and reading capabilities via ls, rg, and find commands.\n
  • Sanitization: Absent; the skill does not implement explicit sanitization or validation logic for the content retrieved from the repository files.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 28, 2026, 11:33 AM