clean-code
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill defines a mandatory verification workflow requiring the agent to execute various Python scripts located in the
.agent/skills/directory (e.g.,security_scan.py,ux_audit.py,lint_runner.py). - [COMMAND_EXECUTION]: The commands
lighthouse_audit.py <url>andplaywright_runner.py <url>incorporate a variable argument (<url>). If the agent accepts a malicious URL from an untrusted source and passes it directly to the shell without sanitization, it could result in command injection. - [PROMPT_INJECTION]: The skill includes instructions to the agent to favor direct action over explanation (e.g., 'Fix it, don't explain', 'The user wants working code, not a programming lesson'). While these are functional instructions for conciseness, they encourage the agent to prioritize speed and direct code modification which can reduce user oversight.
Audit Metadata