senior-software-engineer
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed to enforce software engineering best practices, including type safety, error handling, and security auditing through a 20-point code review checklist.
- [COMMAND_EXECUTION]: The skill includes local Python scripts (complexity_check.py and scaffold_test.py) for analyzing source code complexity and generating test files. These scripts use standard library modules (os, sys, re, pathlib) and do not execute external shell commands or arbitrary code.
- [DATA_EXFILTRATION]: The skill reveals the author's local directory structure and username ('sargupta') through absolute paths in SKILL.md. This is a form of metadata exposure common in development tools rather than a malicious exfiltration attempt.
- [PROMPT_INJECTION]: No patterns attempting to bypass safety filters or override agent behavior were identified. The instructions are strictly focused on maintainable software development standards.
- [SAFE]: Regarding indirect prompt injection surface area: The skill processes user code files via its analysis scripts. Ingestion points: User-provided source files in complexity_check.py and scaffold_test.py. Boundary markers: Absent. Capability inventory: Local file system read/write via Python standard library. Sanitization: Absent. The risk is assessed as safe/low as the scripts are intended for developer productivity within a local workspace.
Audit Metadata