clean-code

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill defines a mandatory verification workflow requiring the agent to execute various Python scripts located in the .agent/skills/ directory (e.g., security_scan.py, ux_audit.py, lint_runner.py).
  • [COMMAND_EXECUTION]: The commands lighthouse_audit.py <url> and playwright_runner.py <url> incorporate a variable argument (<url>). If the agent accepts a malicious URL from an untrusted source and passes it directly to the shell without sanitization, it could result in command injection.
  • [PROMPT_INJECTION]: The skill includes instructions to the agent to favor direct action over explanation (e.g., 'Fix it, don't explain', 'The user wants working code, not a programming lesson'). While these are functional instructions for conciseness, they encourage the agent to prioritize speed and direct code modification which can reduce user oversight.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 04:14 PM
Security Audit — agent-trust-hub — clean-code