gates
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
Full Analysis
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill executes standard development tools (e.g., ESLint, Ruff, Cargo, Go) via the
Bashtool andnpxto perform code validation tasks. This behavior is consistent with its stated purpose and targets well-known utilities from official registries. - [DATA_EXPOSURE_AND_EXFILTRATION]: No patterns of unauthorized data access or external transmission were found. The skill references standard configuration paths for model settings, which is appropriate for its integration features.
- [PROMPT_INJECTION]: The instructions focus on tool workflows and orchestration. No attempts to bypass safety filters or extract system prompts were detected.
- [INDIRECT_PROMPT_INJECTION]: The skill processes project files and tool outputs during the quality gate process.
- Ingestion points: Reads files and directory structures to identify languages and run linters.
- Boundary markers: No explicit instructions are provided to the agent to ignore embedded instructions in the processed data.
- Capability inventory: The skill has access to
Bash,LSP,Read, andGlobtools. - Sanitization: No explicit sanitization or validation of the processed code content is described. Note: This is considered a standard operational risk for development tools and does not indicate malicious intent.
Audit Metadata