assess
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's operational logic incorporates the execution of local scripts for codebase analysis. For instance, the rule defined in `rules/complexity-breakdown.md` references the use of `./scripts/analyze-codebase.sh` to calculate metrics for task decomposition.
- [COMMAND_EXECUTION]: In `SKILL.md`, a `PreToolUse` hook is configured to run a local script `${CLAUDE_PLUGIN_ROOT}/hooks/bin/run-hook.mjs` whenever a `Read` tool call is made, which is a standard pattern for managing assessment baselines and state within this framework.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection, as it ingests untrusted codebase data and interpolates it into prompts for specialized sub-agents. While it uses boundary markers like 'Scope Constraint' headers, it is inherently susceptible to instructions embedded in analyzed files. This is noted as a low-risk architectural attribute necessary for its primary function.
Audit Metadata