Skills
skills/moonrepo/moon/improve-code-quality/Gen Agent Trust Hub

improve-code-quality

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several shell commands from the cargo toolchain, including cargo check, cargo clippy, cargo fmt, and cargo nextest. These are standard development tools used for the skill's primary purpose of code analysis and improvement.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from the local repository (source code and Cargo.toml files) and processes it to generate reports. If an attacker places malicious instructions inside these files, the agent might attempt to follow them.
  • Ingestion points: Source files at the target path and the package's Cargo.toml file.
  • Boundary markers: No specific boundary markers or instructions to ignore embedded directions are used when the agent reads file content.
  • Capability inventory: The skill has the capability to execute shell commands (cargo) and write modifications to files during the fixing phase.
  • Sanitization: No explicit sanitization of file content is performed prior to the analysis phase.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 18, 2026, 01:05 PM