ln-641-pattern-fitness-auditor
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were identified in the skill's instructions or supporting reference files.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and analyze arbitrary source code from the local repository (documented in
SKILL.mdPhase 2 andscoring_rules.md). This is a standard characteristic for code auditing tools. - Ingestion points:
SKILL.md(Phase 2 reads files viaRead(file)),scoring_rules.md(various Grep/Glob patterns for candidate detection). - Boundary markers: None explicitly defined for isolating interpolated code during analysis.
- Capability inventory:
Bash,Read,Write,Grep,Glob, and severalmcp__hex-*tools. - Sanitization: No explicit sanitization of ingested code content is mentioned in the workflow.
- [COMMAND_EXECUTION]: The skill utilizes the
Bashtool to verify code compilation and production readiness (documented inscoring_rules.md). The commands are restricted to standard build operations, such asnpm run buildandpython -m py_compile, which are appropriate for its stated purpose as an architectural auditor.
Audit Metadata