code-analyzer
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is authored by 'SynapSync', a recognized vendor. All external resources, including the homepage (synapsync.dev) and the repository (github.com/SynapSync/skills-registry), belong to the vendor's trusted infrastructure.
- [PROMPT_INJECTION]: The skill reads and analyzes untrusted code modules, creating a potential surface for indirect prompt injection. * Ingestion points: Target file paths and code fragments processed during the Workflow stages in 'SKILL.md'. * Boundary markers: The skill instructions include 'CRITICAL RULES' to prevent assumptions, though it lacks explicit delimiters to ignore instructions embedded within analyzed source code. * Capability inventory: The skill is permitted to use 'Read', 'Edit', 'Write', 'Glob', 'Grep', 'Bash', and 'Task' tools. * Sanitization: The process relies on static analysis; there is no mention of explicit sanitization or escaping of the ingested code text before analysis.
Audit Metadata