workflow-clean-code-angular
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to run commands defined in the target project's package.json file, such as linting, type-checking, and testing scripts in steps/step-03-verify.md. If the project being audited contains malicious scripts, these commands can execute arbitrary operations on the host system.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted source code. Maliciously crafted instructions could be placed within code comments or strings to influence the auditing agents' results or bypass safety guidelines.
- Ingestion points: Reads source files including .ts, .html, .scss, and .spec.ts files as specified in steps/step-01-scan.md.
- Boundary markers: The skill does not employ specific delimiters or "ignore embedded instructions" warnings when analyzing the source code content.
- Capability inventory: The skill has the capability to execute shell commands via the Bash tool and modify project files using the Write and Edit tools.
- Sanitization: No sanitization or content filtering is performed on the ingested code before it is passed to the analysis agents.
Audit Metadata