Skills
skills/levnikolaevich/claude-code-skills/ln-622-build-delivery-gate-auditor/Gen Agent Trust Hub

ln-622-build-delivery-gate-auditor

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes standard build, lint, and test commands (e.g., npm run build, tsc --noEmit, cargo check, pytest) using the Bash tool to audit the codebase for delivery gate failures. This execution is central to its purpose and follows project-specific configuration signals.
  • [EXTERNAL_DOWNLOADS]: The skill performs checks for outdated dependencies via standard package manager commands (e.g., npm outdated, pip list --outdated, cargo outdated). These operations involve network requests to official and well-known package registries (NPM, PyPI, Crates.io) to fetch version metadata.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8) because it ingests and processes raw output from external build and lint tools.
  • Ingestion points: Workflow steps for running build checks and analyzing output context in SKILL.md and references/build_rules.md.
  • Boundary markers: The instructions do not define explicit delimiters or 'ignore' warnings for the tool output before it is processed by the agent.
  • Capability inventory: The agent has access to Bash, Read, Grep, Glob, and file writing tools.
  • Sanitization: There is no mention of sanitizing or escaping the output from the linter or compiler before interpolation.
Audit Metadata
Risk Level
SAFE
Analyzed
May 12, 2026, 06:29 AM