audit
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill acts as a coordinator for local analysis tasks and does not perform any inherently dangerous operations. All actions (file globbing, tool orchestration, and report generation) are consistent with its stated purpose as an audit tool.
- [EXTERNAL_DOWNLOADS]: The skill specifies that the generated HTML report may include Google Fonts. This is a reference to a well-known service and is considered safe practice for styling.
- [COMMAND_EXECUTION]: The skill uses the Agent tool to execute sub-skills (e.g., /review-code, /review-dependencies) in parallel. This is the intended design for fanning out analysis across a codebase.
- [INDIRECT_PROMPT_INJECTION]: As a tool that processes arbitrary project source code (Step 1), the skill has an ingestion surface for untrusted data. However, it functions as a wrapper and delegates actual processing to sub-agents, and its output is confined to report files in the .turbo directory.
Audit Metadata