Skills
skills/ibrahim-3d/orchestrator-supaconductor/eval-code-quality/Gen Agent Trust Hub

eval-code-quality

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands npm run build and npx tsc --noEmit during Pass 1 (Build Integrity). These commands rely on the environment and the configuration provided in package.json and tsconfig.json within the repository being evaluated.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8).
  • Ingestion points: The skill reads external data including spec.md, plan.md, changed source code files, tsconfig.json, and package.json (SKILL.md).
  • Boundary markers: Absent. There are no delimiters or instructions to the agent to ignore embedded commands or instructions within the analyzed files.
  • Capability inventory: The agent executes shell commands (npm run build, npx tsc) and generates a structured quality report which is used to determine the next steps in an automated loop.
  • Sanitization: Absent. The skill does not describe any validation or filtering of the ingested content before it is processed or used to trigger command execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 6, 2026, 05:53 PM
Security Audit — agent-trust-hub — eval-code-quality