verify
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary purpose is to assist in verifying code changes through the execution of standard development tools and test suites.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection because it is designed to execute commands defined within the repository being analyzed (e.g.,
make verify,pnpm test,cargo test). If the repository content is malicious or untrusted, these commands could lead to arbitrary code execution in the agent's environment. - Ingestion points: Repository files, including
Makefile,package.json, and guidance files likeAGENTS.mdorCLAUDE.mdmentioned in SKILL.md. - Capability inventory: The skill utilizes shell execution for tools like
make,pytest,curl,node,python,pnpm, andcargo(as specified in SKILL.md). - Boundary markers: The instructions do not specify sandboxing or boundary markers for the execution of repo-defined scripts.
- Sanitization: No sanitization of repository content is mentioned before execution.
Audit Metadata