fix
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local commands such as `grep`, `glob`, and a project-specific Python script `.claude/scripts/code_graph`. These are standard tools used for code analysis within the project environment and do not involve untrusted input in shell execution contexts.
- [PROMPT_INJECTION]: The skill uses strong instructional language (e.g., "MANDATORY", "NON-NEGOTIABLE", "IMPORTANT") to enforce strict debugging standards, human-in-the-loop checkpoints, and planning steps. These instructions reinforce safety and quality protocols rather than attempting to bypass model constraints or safety filters.
- [DATA_EXFILTRATION]: Analysis is restricted to local codebase files and project documentation. The skill writes its findings and reports to local directories like `plans/reports/` and `.ai/workspace/analysis/`. There are no network operations targeting external domains or untrusted servers.
- [EXTERNAL_DOWNLOADS]: The skill does not perform any remote package installations or download external scripts. It relies on pre-existing local scripts and standard system utilities.
- [SAFE]: The skill includes robust safety features, such as mandatory plan validation, red flag stop conditions that escalate to the user via `AskUserQuestion`, and a requirement for post-fix verification.
Audit Metadata