Skills
skills/xu-cell/ai-engineering-init/next/Gen Agent Trust Hub

next

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes git log to retrieve recent commit history, which is a standard read-only operation used to determine the project's current development phase.\n- [PROMPT_INJECTION]: The skill scans for TODO and FIXME comments in code, which could theoretically contain malicious instructions (Indirect Prompt Injection). However, this is the intended functionality for a code-analysis skill and the risk is mitigated by the skill's role as a consultant providing suggestions rather than executing code directly.\n
  • Ingestion points: Git commit messages and Java source files in the ruoyi-modules/ directory.\n
  • Boundary markers: Not explicitly defined in the scanning patterns.\n
  • Capability inventory: Limited to read-access of local Git metadata and file contents via pattern matching.\n
  • Sanitization: The skill processes findings into an advisory report rather than into executable commands, minimizing the impact of any ingested data.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 7, 2026, 09:04 AM