ln-641-pattern-fitness-auditor

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security vulnerabilities were identified in the skill's instructions or supporting reference files.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and analyze arbitrary source code from the local repository (documented in SKILL.md Phase 2 and scoring_rules.md). This is a standard characteristic for code auditing tools.
  • Ingestion points: SKILL.md (Phase 2 reads files via Read(file)), scoring_rules.md (various Grep/Glob patterns for candidate detection).
  • Boundary markers: None explicitly defined for isolating interpolated code during analysis.
  • Capability inventory: Bash, Read, Write, Grep, Glob, and several mcp__hex-* tools.
  • Sanitization: No explicit sanitization of ingested code content is mentioned in the workflow.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to verify code compilation and production readiness (documented in scoring_rules.md). The commands are restricted to standard build operations, such as npm run build and python -m py_compile, which are appropriate for its stated purpose as an architectural auditor.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 03:30 PM
Security Audit — agent-trust-hub — ln-641-pattern-fitness-auditor