skills/mohganji/skills/cut-the-crap/Gen Agent Trust Hub

cut-the-crap

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection as it ingests untrusted source code and test coverage reports to provide analysis and refactoring suggestions.
  • Ingestion points: The skill reads local project source files and coverage reports (e.g., .json, .info, .xml) during Phase 1 and Phase 2 (SKILL.md, scripts/crap_score.py).
  • Boundary markers: There are no explicit boundary markers or instructions to ignore embedded prompts within the files being analyzed.
  • Capability inventory: The agent is instructed to implement refactoring changes and write or extend tests, which involves file-write operations (SKILL.md).
  • Sanitization: No specific sanitization or escaping of the ingested code content is performed before processing.
  • [EXTERNAL_DOWNLOADS]: The skill's documentation (REFERENCE.md) suggests the installation of various standard development tools to generate the necessary metrics.
  • Findings: References to standard packages such as 'coverage', 'c8', 'nyc', 'jest', and 'vitest', as well as a utility 'gcov2lcov' from GitHub. These are common tools in modern CI/CD and development workflows.
Audit Metadata
Risk Level
SAFE
Analyzed
May 10, 2026, 12:07 AM
Security Audit — agent-trust-hub — cut-the-crap