Skills
skills/notque/claude-code-toolkit/full-repo-review/Gen Agent Trust Hub

full-repo-review

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script at ~/.claude/scripts/score-component.py to perform deterministic health checks on repository components. This dependency is expected to exist within the environment's configuration.
  • [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by ingesting and analyzing arbitrary source code from the repository.
  • Ingestion points: Phase 1 discovery commands identifying Python scripts, hooks, skills, and agents across the codebase.
  • Boundary markers: Absent; the instructions do not implement specific delimiters or 'ignore' instructions for the ingested code content.
  • Capability inventory: The skill utilizes Bash, Read, Write, Glob, and Grep tools to facilitate the discovery and reporting process.
  • Sanitization: Absent; the ingested content is analyzed as-is without validation or filtering.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 30, 2026, 12:34 PM