graph-audit
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses the Bash tool to execute local Node.js scripts (e.g., scripts/skill-lint.js) to perform static analysis on the repository. This is a standard and expected function for a development auditing tool.
- [SAFE]: External URLs referenced in the metadata and instructions point to the author's GitHub repository and are used for documentation and evaluation purposes, which is appropriate for a vendor-maintained skill.
- [SAFE]: While the skill ingests data from other SKILL.md files in the repository (a potential surface for indirect prompt injection), this is the core function of an auditor and no malicious patterns were detected in how the data is handled.
Audit Metadata