inngest-brownfield-audit
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
rg(ripgrep) command-line utility to perform targeted searches within the local repository for patterns related to Inngest usage, asynchronous code (e.g.,setTimeout,Promise.all), and third-party integrations (e.g., Stripe, Clerk). This behavior is consistent with its stated purpose of codebase auditing. - [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process the contents of an existing codebase, which constitutes untrusted data.
- Ingestion points: Project configuration files (e.g.,
package.json) and source code directories are read to identify framework patterns and durability gaps in the repository (SKILL.md). - Boundary markers: No explicit delimiters are used to wrap the audited code or instructions to ignore embedded commands within the processed data.
- Capability inventory: The skill performs filesystem read/write operations and executes
rgvia subprocess to facilitate the audit and implementation process (SKILL.md). - Sanitization: There is no evidence of sanitization or validation of the audited file content before it is processed by the agent.
Audit Metadata