rulecheck
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill includes an indirect prompt injection surface because the rulecheck-agent is designed to ingest and act upon instructions and patterns found within the codebase (such as CLAUDE.md and source files).
- Ingestion points: The agent scans the codebase to identify rule violations and read engineering principles.
- Boundary markers: The skill does not implement explicit delimiters to separate rules from the code being analyzed.
- Capability inventory: The agent has permission to edit files autonomously, push git branches, and create pull requests.
- Sanitization: No content validation is performed on the codebase data before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill employs a proactive security control via a PreToolUse hook (hooks/block-dangerous.sh) to supervise and restrict shell command execution.
- This hook blocks high-risk operations such as force pushes, destructive git resets, and recursive deletions outside of specific allowed directories.
- [DATA_EXFILTRATION]: The skill contains a notification mechanism (hooks/slack-notify.sh) that transmits run summaries to a remote Slack webhook.
- The notification targets a user-supplied Slack webhook URL and sends metadata and summaries of the agent's actions.
Audit Metadata