Skills
skills/code-yeongyu/oh-my-openagent/tech-debt-audit/Gen Agent Trust Hub

tech-debt-audit

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection surface identified. The skill ingests untrusted data from the repository being audited (including source code and documentation) via search and read tools.
  • Ingestion points: Entire repository file structure accessed through glob, read, grep, and ast_grep_search (SKILL.md).
  • Boundary markers: Absent. The instructions do not define clear delimiters or provide warnings for the agent to ignore instructions embedded within the codebase being audited.
  • Capability inventory: High. The skill utilizes bash for system commands and task() for spawning sub-agents.
  • Sanitization: Absent. File contents are processed directly to identify patterns without prior filtering or validation.
  • [COMMAND_EXECUTION]: The skill uses the bash tool to perform repository status checks and health assessments.
  • Evidence: Runs git log to identify file churn, npm audit to check for dependency vulnerabilities, and bun test to evaluate test suite health.
  • [EXTERNAL_DOWNLOADS]: Mentions an optional external integration for enhanced analysis capabilities.
  • Evidence: References the CodeGraph repository at https://github.com/colbymchenry/codegraph as an optional MCP tool for symbol and call graph analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 01:48 AM
Security Audit — agent-trust-hub — tech-debt-audit