inngest-brownfield-audit

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the rg (ripgrep) command-line utility to perform targeted searches within the local repository for patterns related to Inngest usage, asynchronous code (e.g., setTimeout, Promise.all), and third-party integrations (e.g., Stripe, Clerk). This behavior is consistent with its stated purpose of codebase auditing.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process the contents of an existing codebase, which constitutes untrusted data.
  • Ingestion points: Project configuration files (e.g., package.json) and source code directories are read to identify framework patterns and durability gaps in the repository (SKILL.md).
  • Boundary markers: No explicit delimiters are used to wrap the audited code or instructions to ignore embedded commands within the processed data.
  • Capability inventory: The skill performs filesystem read/write operations and executes rg via subprocess to facilitate the audit and implementation process (SKILL.md).
  • Sanitization: There is no evidence of sanitization or validation of the audited file content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 03:58 PM
Security Audit — agent-trust-hub — inngest-brownfield-audit