quality-gate
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill performs standard development tasks, specifically automating linting, type checking, testing, and building phases sequentially.
- [COMMAND_EXECUTION]: The skill invokes shell commands retrieved from project files such as `package.json`, `Makefile`, and `Cargo.toml`. This is the intended behavior for a quality gate tool and is restricted to the project context.
- [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface (Category 8) because it executes commands parsed from external project files without sanitization.
  - Ingestion points: Project configuration files (`package.json`, `composer.json`, `Makefile`, `Cargo.toml`) referenced in `SKILL.md`.
  - Boundary markers: None present; the skill executes identified strings directly.
  - Capability inventory: Execution of arbitrary shell commands derived from configuration files.
  - Sanitization: None; the skill assumes the integrity of the project's build configuration.
Audit Metadata