ln-644-dependency-topology-auditor
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's functionality is strictly limited to architectural analysis, mapping imports to a dependency graph and validating them against user-defined or auto-detected rules.- [DATA_EXFILTRATION]: While the skill reads project source code and configuration files, this is necessary for its auditing function. The data is processed locally to generate markdown and JSON reports within the project's own output directory, with no evidence of transmission to external servers.- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes untrusted data (source code and architecture docs) and has shell execution capabilities via the Bash tool.
- Ingestion points: SKILL.md Phase 1 and Phase 2 describe reading architectural docs and all source files in the codebase_root.
- Boundary markers: No delimiters or safety instructions are provided to separate the agent's instructions from the content of the files being read.
- Capability inventory: The skill uses Read, Grep, Glob, and Bash to perform its analysis.
- Sanitization: There is no mention of sanitizing or escaping the content of processed files before analysis.
Audit Metadata