ln-643-api-contract-auditor

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool and a set of local Node.js scripts (located in references/scripts/) to manage the audit workflow, record checkpoints, and write reports. These scripts use standard Node.js modules (node:fs, node:path) and include safety checks, such as resolveArtifactWritePath, to ensure that runtime artifacts are not written to the project root.
  • [DATA_EXFILTRATION]: There are no network-capable tools used for external communication (like curl or wget to non-whitelisted domains). The scripts only interact with the local file system within the scope of the project's codebase and a hidden .hex-skills directory for artifacts.
  • [PROMPT_INJECTION]: The instructions in SKILL.md are strictly task-oriented, focusing on architectural rules (e.g., Layer Leakage, Entity Leakage). No patterns of safety bypass, system prompt extraction, or adversarial role-play were found.
  • [REMOTE_CODE_EXECUTION]: The skill does not download external code or packages. The runtime environment is managed by the scripts provided in the skill package, which perform deterministic state transitions and validation.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 08:30 PM