complexity-cuts

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [SAFE]: Analysis of the skill body and metadata reveals no malicious behavior, obfuscation, or data exfiltration attempts. The skill focuses on standard software engineering practices for performance refactoring.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted source code (Ingestion points: files matching pathPatterns in SKILL.md). While boundary markers and explicit sanitization are absent, the risk is mitigated by the 'Iron Law' requiring existing tests to remain green, preventing the agent from following malicious instructions that would break the code's logic.
  • [COMMAND_EXECUTION]: The skill requires the execution of local test suites and performance benchmarks (Capability: shell execution for testing and measurement). This is a legitimate requirement for the skill's primary purpose and is restricted to the developer's local project environment.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 13, 2026, 01:57 AM