code-quality
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various CLI tools such as eslint, ruff, go vet, and jscpd to perform static analysis and code formatting tasks across multiple programming languages.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of well-known developer tools and linters from official package registries using npm, pip, go install, and other standard package managers.
- [PROMPT_INJECTION]: The skill analyzes external codebases, which presents an indirect prompt injection surface. Malicious instructions embedded in source code files could potentially influence the agent's behavior during the validation phases.
  - Ingestion points: Files within the user-provided directory are read during the exploration and detection phases.
  - Boundary markers: The workflow does not explicitly define delimiters to isolate code content from instructions.
  - Capability inventory: The agent can execute shell commands and utilize sub-agents (explore-codebase, research-expert).
  - Sanitization: There is no mention of sanitizing or filtering input files before processing.
Audit Metadata