ln-624-code-quality-auditor

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run static analysis utilities such as radon, gocyclo, and eslint-plugin-complexity. It also executes an internal script, references/scripts/evaluation-runtime/cli.mjs, which manages the evaluation lifecycle and state transitions.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it analyzes external, untrusted source code.
  • Ingestion points: The skill reads source code from the target project using the Read and Grep tools as part of its auditing workflow.
  • Boundary markers: While the skill uses a 'Two-Layer Detection' methodology to verify findings through context analysis, it lacks explicit prompt delimiters to isolate the ingested code snippets.
  • Capability inventory: The skill possesses significant capabilities, including filesystem access and shell command execution via the Bash tool.
  • Sanitization: There are no instructions to sanitize or escape the source code content before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 11:47 AM