health
Pass
Audited by Gen Agent Trust Hub on May 28, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill includes logic to scan for and redact sensitive information such as API keys, tokens, and passwords from project configuration files (e.g.,
.claude/settings.local.json) before the data is processed, preventing accidental credential exposure. - [PROMPT_INJECTION]: The skill mitigates indirect prompt injection risks when processing untrusted content from the repository and conversation logs. It explicitly instructs its analysis sub-agents to treat all ingested content as data and to ignore any instructions found within that data.
- [COMMAND_EXECUTION]: The skill uses standard local utilities including
git,python3, andjqfor project data collection and maintainability checks. These commands are executed within the scope of the local repository. - [REMOTE_CODE_EXECUTION]: Internal logic is implemented using Python code embedded in Bash scripts via heredocs. This code is used for data parsing and analysis and does not involve the execution of arbitrary external scripts or user-supplied code.
Audit Metadata