Skills
skills/patricio0312rev/skills/quality-gates-enforcer/Gen Agent Trust Hub

quality-gates-enforcer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill references third-party GitHub Actions (romeovs/lcov-reporter-action, andresz1/size-limit-action) that are outside the trusted organization list. While common in CI/CD workflows, they represent unverifiable external dependencies.
  • [PROMPT_INJECTION] (LOW): Identifies an indirect prompt injection surface where tool outputs (lint results, coverage reports) are ingested and then published as PR comments via actions/github-script.
  • Ingestion points: coverage-summary.json and tool stdout (from npm run lint and npx tsc).
  • Boundary markers: Absent; no delimiters are used to wrap ingested content.
  • Capability inventory: github.rest.issues.createComment (write access to PR metadata).
  • Sanitization: Tool output is read directly from local files or captured stdout and posted without filtering or escaping.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:54 PM