clean-code
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill includes a 'Verification Scripts' section that mandates the execution of multiple Python scripts via the CLI.
- Evidence: Commands such as
python .agent/skills/vulnerability-scanner/scripts/security_scan.py .andpython .agent/skills/api-patterns/scripts/api_validator.py .are listed as mandatory steps. - Risk: These scripts are located in a hidden
.agent/directory. Since the content of these scripts is not part of the skill, there is a risk of executing unvetted or malicious code if that directory is compromised or contains untrusted scripts. - [PROMPT_INJECTION] (LOW): The skill uses extremely assertive language and override markers to dictate agent behavior.
- Evidence: Use of markers like
🔴 CRITICAL:,MANDATORY, and🔴 VIOLATIONto enforce specific workflows. - Context: While intended to maintain code quality, such strong directives can sometimes be leveraged to override standard safety or system-level constraints.
Audit Metadata