senior-fullstack
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Command Execution] (SAFE): The skill utilizes local Python scripts located in the `scripts/` directory for scaffolding and code analysis tasks. These operations are core to its primary purpose and run within the user's local environment.
- [External Downloads] (SAFE): The documentation mentions standard dependency management via `npm install` and `pip install -r requirements.txt`. No specific suspicious third-party packages or non-standard repositories are referenced.
- [Indirect Prompt Injection] (SAFE): The `code_quality_analyzer.py` tool is designed to ingest and analyze project source code. While this represents a potential surface for indirect prompt injection if an attacker-controlled codebase is analyzed, the behavior is expected for this type of tool and no exploitation patterns are present.
- [Data Exposure] (SAFE): Mentions of environment configuration (`.env`) follow standard development best practices for local setup and do not include instructions for exfiltration or unsafe handling of credentials.
Audit Metadata