ln-629-runtime-lifecycle-config-auditor

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues were identified. The skill follows established patterns for automated code auditing, utilizing structured reporting and scoring mechanisms.
  • [PROMPT_INJECTION]: The skill reads untrusted external codebase files as part of its auditing process, creating a surface for indirect prompt injection. However, given the skill's primary purpose is static analysis and reporting, this risk is considered inherent to its functionality and is not indicative of malicious intent.
  • [COMMAND_EXECUTION]: The skill uses Bash and standard read/search tools to inspect local files. These operations are restricted to the audit context and do not involve executing untrusted remote code or performing unauthorized system modifications.
  • [DATA_EXFILTRATION]: While the skill audits configuration and environment variable usage (e.g., checking for .env validation), it does not perform network operations to external or untrusted domains. All findings are written to a local output directory for user review.
Audit Metadata
Risk Level: SAFE
Analyzed: May 10, 2026, 10:52 AM