matematico-tao

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides a comprehensive framework for static code analysis using mathematical principles like Graph Theory and Information Theory. It includes Python scripts (complexity_analyzer.py, dependency_graph.py) that parse local source files to generate reports without executing the target code.
  • [COMMAND_EXECUTION]: The skill involves executing local Python scripts to gather project metrics. These scripts use standard Python libraries, do not require external dependencies, and perform no network operations or unauthorized system modifications.
  • [DATA_EXPOSURE]: Access to the local filesystem is scoped to the target project directory for the purpose of code analysis. There is no evidence of sensitive credential harvesting or data exfiltration to external domains.
  • [PROMPT_INJECTION]: While the skill ingests untrusted data by reading local project source files, the potential for indirect prompt injection is mitigated by the static nature of the analysis tools.
      • Ingestion points: Reads Kotlin files in the specified project path (e.g., C:\Users\renat\earbudllm).
      • Boundary markers: Explicit delimiters for the read code are not specified in the prompt interpolation logic, but the agent acts as an analytical observer.
      • Capability inventory: Limited to file reading and report generation; no network sinks or shell execution of ingested content are present.
      • Sanitization: Uses regex-based parsing to extract structured information (functions, classes) from text.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 21, 2026, 02:48 PM