fix-llm-artifacts
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard development tools for linting, formatting, type-checking, and testing, including git, ruff, mypy, eslint, tsc, and pytest. These commands are used as intended for project maintenance and verification.
- [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection by ingesting and acting upon data from an external JSON file (.beagle/llm-artifacts-review.json). While a malicious review file could theoretically attempt to delete or modify code, the risk is mitigated by the skill's categorization of fixes and mandatory user review for risky operations.
  - Ingestion points: Reads findings from .beagle/llm-artifacts-review.json using cat and jq in Step 3.
  - Boundary markers: None explicitly defined to separate review content from instructions.
  - Capability inventory: File-system write access via the Task tool and broad shell execution capabilities via the linter and test suite commands in Steps 7 and 8.
  - Sanitization: Relies on internal classification of fix types (e.g., unused_import vs logic_change) and explicit user confirmation (y/n/s) for all fixes deemed 'Risky'.