Skills
skills/rarestg/rarestg-skills/code-quality/Gen Agent Trust Hub

code-quality

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill installs third-party packages including @biomejs/biome, knip, lefthook, ruff, and pre-commit from public registries and references external GitHub repositories for hook definitions. These sources are outside the pre-defined trusted organizations list.
  • [COMMAND_EXECUTION] (LOW): Initialization involves running shell commands such as 'npx biome init' and 'pre-commit install' to set up the local environment.
  • [PROMPT_INJECTION] (LOW): The ecosystem detection logic ingests untrusted project files (package.json, pyproject.toml) without sanitization, creating a surface for indirect prompt injection.
  • Ingestion points: package.json, pyproject.toml, setup.py, requirements.txt, tsconfig.json
  • Boundary markers: Absent
  • Capability inventory: Shell command execution (npm, pip, npx), file system writing
  • Sanitization: Absent
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:38 PM