organize
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local shell commands (`git ls-files`, `du`, `wc`, `stat`) for project analysis. It explicitly follows security best practices by using `git ls-files -z` paired with `xargs -0` to ensure that filenames containing spaces or special characters are handled safely without risk of command injection.
- [DATA_EXPOSURE]: The skill reads project metadata such as file paths, sizes, and configuration manifests (`package.json`, `Cargo.toml`, etc.) to generate health scores. This data remains local and is used solely for the audit report.
- [REMOTE_CODE_EXECUTION]: No remote scripts are downloaded or executed. The skill relies entirely on standard system tools and the provided agent tools (Glob).
- [PROMPT_INJECTION]: The instructions are strictly operational and do not contain patterns intended to bypass safety filters or override agent behavior.
- [INDIRECT_PROMPT_INJECTION]: The skill has a defined attack surface as it processes untrusted file metadata and manifest content. However, the risk is mitigated because dangerous actions (moving or deleting files) require explicit user confirmation and are performed using sanitized path handling.
Audit Metadata