clean-code-reviewer

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/pre-review.py executes the ruff linter using subprocess.run to provide automated feedback.
  • Evidence: Line 102 in scripts/pre-review.py invokes subprocess.run(["ruff", "check", ...]).
  • Context: Execution is restricted to the linter tool, and the arguments are passed as a list (no shell is invoked), so the call is not exposed to shell injection. This is a standard utility for code analysis.
  • [PROMPT_INJECTION]: The skill processes user-provided source code, which represents an indirect prompt injection surface.
  • Ingestion points: User-provided code snippets are read by scripts/pre-review.py and processed by the agent in SKILL.md.
  • Boundary markers: The agent is instructed to focus on 'Clean Code' principles and structure reviews into specific steps.
  • Capability inventory: The skill can read local files and execute the ruff linter; it does not have network access or general command execution capabilities.
  • Sanitization: Input code is parsed with Python's ast module, which builds a syntax tree for static analysis without executing the code.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 6, 2026, 10:50 AM