wiring-audit
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill incorporates local shell scripts (
render.shandverify-findings.sh) that facilitate diagram rendering and citation verification. These scripts use standard tools such asgrep,python3, andmmdc, and follow defensive scripting best practices, including the use of strict shell options and proper quoting to prevent word-splitting or injection. - [EXTERNAL_DOWNLOADS]: The skill's documentation and scripts reference the installation of
mermaid-clifrom the official NPM registry, which is a well-known and trusted service for developer dependencies. These references are used for optional visual reporting functionality. - [REMOTE_CODE_EXECUTION]: Analysis found no evidence of remote script execution or patterns that download and execute untrusted content from the network. All execution is limited to local scripts provided within the skill or standard system tools.
- [DATA_EXFILTRATION]: The skill operates entirely within the local repository's environment to produce audit reports. No network operations were found that transmit codebase information or sensitive data to external destinations.
- [PROMPT_INJECTION]: The instructions are designed to facilitate structured analysis and data extraction. There are no attempts to override system prompts, bypass safety constraints, or extract internal configuration through adversarial language.
Audit Metadata