feature-audit

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill utilizes standard read-only shell commands such as find, grep, and head to locate source code files and verify implementation. These are standard diagnostic tools for codebase analysis.
  • [DATA_EXFILTRATION] (SAFE): There are no network operations, API calls to external services, or attempts to access sensitive configuration files like SSH keys or cloud credentials.
  • [PROMPT_INJECTION] (SAFE): No instructions to override agent behavior, bypass safety filters, or extract system prompts were detected.
  • [INDIRECT_PROMPT_INJECTION] (SAFE): The skill identifies and processes untrusted codebase content (e.g., source code and PRD files), which creates an attack surface. However, the risk is negligible as the operations are limited to pattern matching and discovery.
      • Ingestion points: Processes codebase files (e.g., *.ts, *.tsx, schema.ts) and project metadata (.claude/features.json, tasks.db) as described in SKILL.md and scanning-process.md.
      • Boundary markers: None present in the provided snippets.
      • Capability inventory: Shell execution of find, grep, and head for file discovery.
      • Sanitization: None present in the command instructions; the agent relies on standard utility parsing.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 21, 2026, 03:26 PM