legacy-archaeology
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The skill instructions define a specialized persona for code analysis. No markers for bypassing safety filters, disregarding instructions, or role-playing malicious intents were found.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file access, or network calls to external domains are present. The skill suggests reviewing environment variables as a manual step for the user, which is a standard part of code archaeology.
- [Remote Code Execution] (SAFE): No commands for downloading or executing remote scripts were detected. Code samples consist of standard Git commands (log, blame) and JavaScript test structures intended for local development use.
- [Indirect Prompt Injection] (LOW): As a code analysis skill, the agent is intended to process untrusted legacy code. While this represents a surface for indirect prompt injection, the skill itself does not provide automated capabilities that would escalate the risk, and its purpose is purely consultative.
- [Obfuscation] (SAFE): No obfuscated strings, multi-layer encoding, or hidden Unicode characters were found in any of the analyzed files.