code-metrics
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No security issues detected. The skill performs local analysis of source code files using ast-grep, jq, and awk.
- [COMMAND_EXECUTION] (SAFE): Shell commands used for analysis (ast-grep, jq, awk, git) are correctly quoted in the provided shell script, and input paths are validated as existing files.
- [DATA_EXFILTRATION] (SAFE): No network requests or data exfiltration attempts were found; the skill only processes file content locally to generate metric summaries.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill exposes an indirect injection surface because it reads user-controlled code files, but it mitigates this by extracting only specific structural patterns and formatting them as numerical data in a metrics report.