assess
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data by reading and analyzing codebase files specified in the
$ARGUMENTS. It mitigates potential indirect injection risks through the use of strict boundary markers (e.g., '## Scope Constraint' in agent-spawn-definitions.md) and by limiting the analysis scope to a maximum of 30 files to prevent resource exhaustion and context overflow. - Ingestion points: The skill reads files and directories using the 'Read', 'Grep', and 'Glob' tools within SKILL.md and references/scope-discovery.md.
- Boundary markers: Present. Sub-agents are explicitly instructed to only analyze the provided file list and not explore further.
- Capability inventory: The skill utilizes 'Agent()', 'Bash', 'Task', and 'mcp__memory' tools to perform its evaluation.
- Sanitization: The skill relies on structured prompts and platform-level guardrails rather than explicit content sanitization.
- [COMMAND_EXECUTION]: The skill is granted access to the 'Bash' tool, which is used legitimately for codebase analysis (e.g., executing a script to gather metrics in rules/complexity-breakdown.md). This is consistent with its primary purpose as an automated code assessment utility.
- [DYNAMIC_CONTEXT_INJECTION]: The skill utilizes a 'PreToolUse' hook to execute a local initialization script ('assessment-baseline-loader') before performing file reads. This is an expected pattern for loading configuration or baseline data within this platform's plugin architecture.
Audit Metadata