Skills
skills/tw93/claude-health/check/Gen Agent Trust Hub

check

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill uses established command-line tools (git, gh, vercel) to manage repositories and analyze code. Its operations are transparent and consistent with its stated purpose as a development utility.\n- [PROMPT_INJECTION]: The skill inherently processes untrusted data as part of its code review function, creating an indirect prompt injection surface.\n
  • Ingestion points: The agent reads untrusted content from git diff output and GitHub issues/PRs using gh issue list and gh pr list in SKILL.md.\n
  • Boundary markers: There are no explicit delimiters instructed for use to separate untrusted diff text from the agent's core instructions.\n
  • Capability inventory: The skill possesses write access to GitHub (gh issue comment), the ability to modify local files via autofixes, and the capacity to execute shell scripts (scripts/run-tests.sh).\n
  • Sanitization: Input data is not sanitized or escaped before processing, which is a common characteristic of code review automation. This is documented as an inherent risk rather than a malicious defect.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 24, 2026, 02:18 AM