setup-quality
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill operates on local repository files to establish development standards. It does not attempt to exfiltrate data, access sensitive credentials, or perform obfuscated operations.
- [COMMAND_EXECUTION]: The skill instructs the agent to run standard development commands such as pnpm install, pnpm test, and pnpm build. These are necessary to verify that the quality-gate setup is functional and are conducted within the local project context.
- [INDIRECT_PROMPT_INJECTION]: The skill reads and interprets content from various local files to determine the project's configuration.
  - Ingestion points: Reads package.json, CLAUDE.md, README.md, and other project-specific documentation or configuration files.
  - Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are used when processing these files.
  - Capability inventory: Includes the ability to write/modify local files and execute shell commands via pnpm.
  - Sanitization: There is no explicit sanitization or validation of the content read from the project files before it influences agent actions.
Audit Metadata