Verification & Quality Assurance

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to fetch and execute the claude-flow@alpha package from the npm registry. This is a standard method for running Node-based developer tools.
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands for verification and Git operations. It supports installing Git pre-commit hooks to automate verification before code is committed, which is common in professional development workflows.
  • [DATA_EXFILTRATION]: The documentation includes examples of piping verification metrics to external monitoring services like Prometheus and DataDog using curl. This is intended for legitimate monitoring but establishes a pattern for exporting internal codebase metadata to external network endpoints.
  • [PROMPT_INJECTION]: The skill processes untrusted codebase data during verification.
    • Ingestion points: Reads local source files (e.g., src/**/*.js, src/**/*.ts) and task outputs.
    • Boundary markers: Not explicitly defined in the provided configuration; relies on standard tool isolation.
    • Capability inventory: Subprocess execution, file-system writing (via --auto-fix), Git repository modification (rollback), and network requests (curl exports).
    • Sanitization: Not specified; assumes a level of trust in the codebase being analyzed.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 25, 2026, 07:39 PM