ln-630-test-auditor
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a set of local Node.js scripts located in
references/scripts/to manage the audit lifecycle. These scripts handle state persistence, phase transitions, and process monitoring for audit workers. - [DATA_EXFILTRATION]: No network-enabled tools or commands (e.g.,
curl,wget,fetch) were found. The skill is designed to write its findings and runtime state to the local.hex-skillsdirectory within the project root. - [PROMPT_INJECTION]: The instructions use 'MANDATORY READ' and 'IMPORTANT' directives to guide the agent to load specific contract and protocol documentation files. This usage is benign and follows the skill's structural design for quality and compliance auditing.
- [REMOTE_CODE_EXECUTION]: All executable logic is provided as local scripts within the skill folder. There are no mechanisms for downloading or executing code from external repositories or URLs.
- [INDIRECT_PROMPT_INJECTION]: As an auditing tool, the skill ingests external data including test code and project manifests. It mitigates injection risks by using structured JSON summary contracts and rigorous schema validation (defined in
references/scripts/coordinator-runtime/lib/schemas.mjs) to process worker outputs.
Audit Metadata