clean-code-master
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were identified. The skill adheres to strict engineering guardrails, requiring evidence-based claims and prohibiting the fabrication of metrics or architecture.
- [PROMPT_INJECTION]: The skill processes untrusted user-provided code as part of its primary function, which represents an indirect prompt injection surface. This is mitigated by the skill's structured output format and requirement for explicit evidence tagging.
- [INGESTION_POINTS]: User-provided source code files are analyzed in Audit, Plan, Patch, and CI modes.
- [BOUNDARY_MARKERS]: The skill uses structured report templates (A-H) and a mandatory termination footer (—END-CLEAN-CODE-MASTER—) to delimit its output.
- [CAPABILITY_INVENTORY]: The skill produces refactoring plans and provides patch guidance; it suggests integration with external tools like refactor-engine for execution.
- [SANITIZATION]: The skill enforces analytical objectivity by requiring findings to be tagged as [OBSERVED], [INFERRED], or [ASSUMPTION], effectively separating analysis from code-embedded instructions.
Audit Metadata