clean-code

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill contains a mandatory verification workflow that requires the execution of multiple Python scripts (e.g., security_scan.py, ux_audit.py) located in .agent/skills/ subdirectories. This pattern involves executing code from paths outside the skill's own definition, which relies on the integrity of neighboring skill directories.
  • [PROMPT_INJECTION] (LOW): The skill uses deceptive metadata ('priority: CRITICAL') and authoritative directives ('MANDATORY', '🔴 Rule', 'VIOLATION') to influence agent prioritization and behavior. It explicitly commands the agent to 'Fix it, don't explain' and 'Just write code,' which suppresses the AI's natural transparency and safety explanations.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill's primary function is to read and edit project code, creating an ingestion surface for malicious instructions embedded in file comments. (Ingestion points: File Read/Edit tools; Boundary markers: Absent; Capability inventory: File system Read/Write/Edit; Sanitization: Absent). Note: The skill includes a 'READ -> SUMMARIZE -> ASK' protocol which acts as a human-in-the-loop mitigation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 05:03 PM