agent-analyze-code-quality

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The pre_execution hook utilizes shell commands including find, grep, wc, and ls to scan the project directory for source files and linting configurations. These operations are aligned with the skill's primary function of code analysis.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection because it ingests and processes untrusted data from source code files. Maliciously crafted comments or strings within these files could attempt to override the agent's behavior.
      • Ingestion points: Reads files with extensions such as .js, .ts, .py, .java, and .go from directories like src/**, app/**, and services/**.
      • Boundary markers: There are no defined delimiters or specific instructions provided to the agent to ignore or isolate instructions found within the processed code files.
      • Capability inventory: The agent has access to Read, Grep, Glob, and WebSearch tools, allowing it to retrieve information and potentially leak data via search queries if manipulated.
      • Sanitization: No sanitization, validation, or content filtering is applied to the data retrieved from the file system before it is processed by the LLM.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 1, 2026, 04:32 PM