fixer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill instructs the agent to run project-specific build and lint commands. While these are arbitrary commands defined in the workspace configuration (e.g., package.json), this behavior is consistent with the skill's primary purpose of diagnosing broken builds.
- INDIRECT_PROMPT_INJECTION (LOW):
- Ingestion points: The skill reads untrusted data from the workspace, including package.json, README.md, CLAUDE.md, and git log history (SKILL.md, Step 1).
- Boundary markers: No explicit delimiters are used when reading these files, though the skill provides a rigid internal 'Triage Protocol' to guide the agent's reasoning.
- Capability inventory: The skill can execute git commands (status, log, diff, checkout), build/lint scripts, and write/modify project files.
- Sanitization: No sanitization of file content is performed before processing.
- DATA_EXPOSURE (SAFE): The skill accesses project metadata and git history to establish a 'ground truth.' This is a necessary diagnostic function and does not target sensitive system files or user credentials (e.g., .ssh or .aws folders).
- EXTERNAL_DOWNLOADS (LOW): The playbooks suggest using 'curl' to test API integrations in isolation (diagnostic-playbooks.md). This is a standard troubleshooting technique and does not involve executing remote scripts.
Audit Metadata