fight-repo-rot
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Bash to perform read-only repository analysis through tools like git log, git grep, find, and wc to compute churn and complexity metrics.
- [EXTERNAL_DOWNLOADS]: Recommends installing well-known static analysis utilities from official registries, such as vulture and lizard via PyPI, and knip or madge via npm, to facilitate specialized code health checks.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted source code and git history. 1. Ingestion points: Reading local repository files and command outputs. 2. Boundary markers: Not specified in the instructions. 3. Capability inventory: Access to shell execution and local file reading. 4. Sanitization: No explicit sanitization of ingested content is defined.
- [SAFE]: The skill operates within its intended diagnostic scope and uses trusted tools and methodologies for repository auditing.
Audit Metadata