research
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs local environment analysis by reading manifest files such as package.json, requirements.txt, and Cargo.toml, and searching source code using ripgrep. These activities are consistent with the skill's purpose and do not involve unauthorized data access.
- [COMMAND_EXECUTION]: Shell commands including jq and rg are used to process local project data. These commands are used safely and do not incorporate unvalidated external input or executable scripts.
- [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (gh) to create research issues. This is a documented and user-controlled behavior targeting the repository's own infrastructure as a storage mechanism.
- [EXTERNAL_DOWNLOADS]: Automated web searches are performed to retrieve documentation and verify breaking changes for project dependencies. These searches target well-known technical resources and official documentation sites.
- [SAFE]: A surface analysis for indirect prompt injection was conducted. The skill ingests metadata from project manifests and local documentation, and its capability inventory is restricted to local code analysis and GitHub issue management. No evidence of unsafe interpolation or sanitization bypasses was found.
Audit Metadata