phaser-analyze

Pass

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill runs an internal bash script to automate discovery and baseline analysis. This script is scoped to the target project directory and uses standard utilities (find, grep) to calculate metrics and identify potential API issues.
  • [PROMPT_INJECTION]: The skill processes untrusted user-provided source code, creating an indirect prompt injection surface. Evidence Chain:
      1. Ingestion points: source code files and package.json.
      2. Boundary markers: Absent.
      3. Capability inventory: Local command execution via the analyze-project.sh script.
      4. Sanitization: Absent.
    This is a standard risk for analysis tools and is considered low impact in this context.
  • [SAFE]: Extensive review of the skill's scripts and instructions revealed no evidence of data exfiltration, persistence, or obfuscation. The skill adheres to best practices by focusing exclusively on the project codebase it is designed to analyze.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 25, 2026, 01:52 AM
Security Audit — agent-trust-hub — phaser-analyze