technical-debt
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a well-structured set of instructions for auditing code health and security. It follows professional software engineering standards for managing technical debt.
- [COMMAND_EXECUTION]: The skill involves running standard developer CLI tools (e.g., git, grep, npm, composer, phpstan, eslint) for static analysis and dependency auditing. These operations are restricted to the local repository and are consistent with the skill's purpose as an auditing tool.
- [DATA_EXPOSURE]: The skill proactively scans for the exposure of secrets and credentials in the source code and git history using tools like gitleaks and trufflehog. This is a legitimate security function intended to identify and remediate vulnerabilities.
- [INDIRECT_PROMPT_INJECTION]: The skill has a theoretical attack surface for indirect prompt injection as it analyzes local file contents and processes command outputs.
  - Ingestion points: The agent reads and analyzes source code files and output from various auditing tools (e.g., jscpd, phpmd) as instructed in SKILL.md.
  - Boundary markers: The instructions do not explicitly define markers to separate the audited code from the agent's instructions, nor do they include warnings to ignore embedded directives within analyzed files.
  - Capability inventory: The skill possesses shell execution capabilities and extensive file system read access for the purpose of auditing.
  - Sanitization: No specific content sanitization or filtering is performed on the data ingested from the project files.
Audit Metadata