tech-debt
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates locally using standard file manipulation and search tools (Glob, Grep, Read, Write) to automate project management tasks. It does not exhibit malicious patterns such as data exfiltration, obfuscation, or unauthorized access.
- [PROMPT_INJECTION]: The skill processes untrusted input from the codebase in the form of code comments. This presents an indirect prompt injection surface; however, the skill explicitly mandates user confirmation ('Ask: May I write...?') before updating the debt register. This design ensures that any potentially malicious instructions hidden in code comments cannot be executed or persisted without human review.