code-audit
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The Scout agent (phases/phase-1-scout.md) and the refactoring workflow (references/refactoring-guide.md) are instructed to detect and execute standard development tools found in the target repository, such as linters (eslint, ruff, mypy), type checkers (tsc), and test suites. Running these tools is a primary function of the skill, which uses them to provide tool-grounded audit evidence.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted source code and documentation. However, it includes proactive mitigation via the Security lens.
  - Ingestion points: Source code, comments, and docstrings are read from the repository during mapping (Phase 1) and lens analysis (Phase 2).
  - Boundary markers: The skill uses markdown formatting for reports but does not implement specific 'ignore instruction' delimiters for the untrusted code content read into the agent context.
  - Capability inventory: The orchestrator spawns sub-agents via the Task tool and executes local commands for static analysis and testing.
  - Sanitization: No explicit sanitization of ingested code content is performed, though the Security & Performance lens (references/lens-security-performance.md) is specifically tasked with detecting adversarial patterns within the audited code.
Audit Metadata