production-readiness-review

Pass

Audited by Gen Agent Trust Hub on Jul 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains compatibility instructions to 'Ignore Claude-specific mode-switch instructions'. This is documented as a mechanism to manage agent platform differences and does not target safety or ethical filter bypass.
  • [COMMAND_EXECUTION]: The skill invokes a local Python utility at '.claude/scripts/code_graph' to perform structural analysis, trace downstream impacts, and verify test coverage. This is a project-specific tool and its usage is consistent with the skill's purpose.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
  • Ingestion points: backend source files and API controllers (Scope Resolution section).
  • Boundary markers: Absent.
  • Capability inventory: Sub-agent spawning, local Python script execution, and file writing to 'plans/reports/'.
  • Sanitization: The skill does not mention sanitizing or filtering the content of ingested files before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 5, 2026, 06:08 PM
Security Audit — agent-trust-hub — production-readiness-review