alpha-forge-preship
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides automated quality gates using static analysis (AST) and regular expressions. No signs of data exfiltration, obfuscation, or malicious command execution were found. All functionalities align with the stated purpose of a quality assurance plugin.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it reads and processes external Markdown and Python files, incorporating snippets of their content into its output messages provided to the agent.
- Ingestion points: Validators such as gates/g1_documentation_scope.py and gates/g2_documentation_clarity.py read content from the filesystem.
- Boundary markers: No specific delimiters or 'ignore' instructions are used in the messages reporting file content.
- Capability inventory: The skill has access to Read, Bash, Grep, and Glob tools.
- Sanitization: Text extracted from analyzed files (e.g., section headers or specific lines) is included in results without sanitization.
Audit Metadata