code-quality
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes various standard local development utilities including ESLint, Ruff, golangci-lint, and Cargo to perform linting, formatting, and complexity analysis on source code files located within the 'src/' directory.
- [EXTERNAL_DOWNLOADS]: JavaScript and TypeScript commands utilize 'npx', which may perform network requests to the npm registry to fetch and execute packages if they are not already cached in the local environment.
- [PROMPT_INJECTION]: The skill analyzes source code comments (e.g., TODO, FIXME, HACK) and tool reports, creating a surface for indirect prompt injection.
  1. Ingestion points: Files in the 'src/' directory are read by grep and linters.
  2. Boundary markers: No explicit delimiters or instructions to ignore embedded content are used in the provided commands.
  3. Capability inventory: The skill utilizes subprocess execution for diagnostic tools.
  4. Sanitization: Tool outputs are generally filtered through 'jq' or 'wc' before being presented to the agent.
Audit Metadata