techdebt-finder
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses common shell utilities including grep, find, git, awk, and wc for codebase analysis. These commands are standard for the stated purpose and operate in a read-only manner on local files.
- [PROMPT_INJECTION]: As the skill parses source code, it possesses an attack surface for indirect prompt injection. This is considered a low-risk vulnerability because the extraction logic uses specific regex patterns and the output is limited to a descriptive report.
  - Ingestion points: Reads code files and git history in references/detection-patterns.md and references/prioritization.md.
  - Boundary markers: None provided to separate untrusted code comments from the agent's instructions.
  - Capability inventory: Uses read-only CLI tools for analysis and report generation; no automated file system modification or network access is requested.
  - Sanitization: Code identifiers are filtered using a word-character regex (\w+) during extraction to prevent command injection in the analysis scripts.
Audit Metadata