code-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill makes extensive use of Bash and Grep to analyze local files for security risks and quality issues. This is the primary function of the skill and aligns with its description.
- EXTERNAL_DOWNLOADS (LOW): The skill utilizes package managers and security scanners (npm audit, pip-audit, safety) that communicate with official repositories to check for known vulnerabilities. It also uses npx to run analysis tools, which is standard practice in development environments.
- PROMPT_INJECTION (LOW): Because it reads external source code, the skill has an indirect prompt injection surface. While it does not include instructions to the agent to disregard embedded content, this is a common risk for code analysis tools and is not exploited by the skill itself.
- DATA_EXFILTRATION (SAFE): The skill searches for hardcoded secrets to report them to the user but contains no logic or external network calls to exfiltrate this data.