pattern-recognition-specialist
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Analysis of the skill instructions and metadata shows no signs of prompt injection, data exfiltration, or malicious obfuscation. All behaviors are consistent with the stated purpose of code quality analysis.
- [COMMAND_EXECUTION]: The skill leverages common CLI tools such as
grep,ast-grep, andjscpdto search and analyze source files. This is standard functionality for a pattern recognition specialist and does not involve arbitrary command execution or shell injection. - [DATA_EXPOSURE]: The skill intentionally scans for technical debt markers like
TODO,FIXME, andHACK. While this accesses internal code comments, it is a localized analysis task within the user's codebase and does not involve sending this data to external or untrusted destinations. - [INDIRECT_PROMPT_INJECTION]: As a tool that processes external source code, there is a theoretical surface for indirect prompt injection (Category 8). However, the capability inventory is restricted to pattern matching and metrics collection, with no risk of high-severity outcomes like unauthorized file writes or network exfiltration. Boundary markers are not explicitly defined, but the risk remains low.
Audit Metadata