Skills
skills/nickcrew/claude-cortex/code-quality-workflow/Gen Agent Trust Hub

code-quality-workflow

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security vulnerabilities, malicious patterns, or unsafe practices were detected. The skill instructions focus on standard development workflows.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it is designed to ingest and process external source code files. This is an inherent trait of code analysis tools and is considered a low-risk surface in this context.
  • Ingestion points: Source files targeted via the target or path parameters in /analyze:code, /dev:code-review, and /quality:improve (references/analyze-code.md, references/code-review.md, references/quality-improve.md).
  • Boundary markers: No explicit delimiters or 'ignore' instructions are used when passing file content to subagents.
  • Capability inventory: The agent has access to Bash, Read, Write, Edit, and MultiEdit tools across the provided reference files.
  • Sanitization: No explicit sanitization of ingested code content is mentioned.
  • [COMMAND_EXECUTION]: The skill mentions using the Bash tool for external analysis tools in references/analyze-code.md. This is a standard capability for analysis workflows and the skill explicitly states it will not execute dynamic analysis requiring compilation or runtime in its boundaries section.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 05:13 PM