project-audit
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs project auditing through deterministic analysis of local repository files. No malicious network activity, credential harvesting, or unauthorized command execution was identified.\n- [SAFE]: The audit tool ingests untrusted data from the repository being analyzed (e.g., README.md, feature documentation) to calculate scores and completion rates. While this creates a surface for indirect prompt injection, the logic is limited to deterministic regex counting and line-length checks, which significantly mitigates the risk of the agent being manipulated by malicious content within the audited files.\n
- Ingestion points:
scripts/audit.jsreadsREADME.mdand Markdown files within thedocs/features/directory of the target project.\n - Boundary markers: The script generates structured JSON output which the agent parses, providing a layer of separation between raw file content and agent instructions.\n
- Capability inventory: The agent can suggest follow-up actions like
/update-docs,/codex-test-gen, or/create-requestbased on the audit results.\n - Sanitization: The tool uses specific regex patterns (e.g.,
- [x],#{1,3}\s) to extract data, rather than interpolating raw user text into control logic.
Audit Metadata