software-evaluation
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides a professional framework for architectural and security auditing. It focuses on identifying best practices and identifying risks like hardcoded credentials or lack of input validation in the target code.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it processes untrusted source code provided by the user.
- Ingestion points: The agent reads all files within a specified directory or module (SKILL.md).
- Boundary markers: Not present. There are no instructions to ignore natural language instructions found within code comments or string literals.
- Capability inventory: The skill primarily uses file read operations and generates markdown reports.
- Sanitization: None. The skill directly interprets the code it reads to produce its evaluation.
- Context: While instructions in analyzed code could attempt to bias the scorecard, the skill's requirement for evidence-based citations (file and line numbers) mitigates the risk of the agent hallucinating or following hidden commands without a traceable reason.
Audit Metadata