credo
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes the mix build tool to run credo commands in the project's shell environment. This is the primary mechanism for the 'check' and 'fix' functionalities.
- [INDIRECT_PROMPT_INJECTION]: During the '/credo fix' workflow, the agent reads source code and Credo issue messages (including custom 'ExSlop' messages) to decide how to modify files. If a source file contains instructions disguised as comments or if a custom check returns a malicious message, the agent might inadvertently execute unintended code modifications.
  - Ingestion points: Reads project source files and JSON/text output from mix credo (SKILL.md, '/credo fix' section).
  - Boundary markers: Absent. There are no delimiters or instructions to ignore embedded commands in the files being processed.
  - Capability inventory: The skill can read files, write files, and execute shell commands (mix credo).
  - Sanitization: None. The agent is instructed to fix anti-patterns identified by the check messages directly.
Audit Metadata