cc-code-layout-and-style
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user-provided code snippets for review and formatting. Ingestion points: Code snippets supplied by the user are ingested for analysis in both CHECKER and APPLIER modes (SKILL.md). Boundary markers: The skill instructions do not define delimiters or specific 'ignore embedded instructions' warnings to help the model distinguish between analyzed code and potential malicious instructions in comments or strings. Capability inventory: The skill logic is restricted to text analysis and generation; it does not request or use capabilities for network access, file system modification, or subprocess execution. Sanitization: No input validation or sanitization is mentioned for the code being processed.
- [NO_CODE]: The skill consists entirely of Markdown files (SKILL.md, checklists.md, hard-data.md, language-notes.md) providing instructions and reference material. There are no executable scripts, binaries, or automated configuration files included in the skill package, which significantly reduces the risk of direct system exploitation.
Audit Metadata