coding-agent

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [Dynamic Execution] (MEDIUM): The script 'scripts/coding_agent.py' modifies 'sys.path' at runtime with a path computed from 'project_dir.parent'. Imports are therefore resolved from a directory outside the immediate project scope, so an attacker who can place or modify files in that parent directory can have their module imported and executed.
  • [Command Execution] (LOW): The skill frequently calls 'subprocess.run' to execute 'git', 'npm', 'pytest', and 'go' inside the target project directory. This is consistent with the skill's purpose, but these tools run hooks, scripts and test code from the repository itself, so it is a risk when the skill operates on untrusted repositories.
  • [Indirect Prompt Injection] (LOW): The agent reads 'feature_list.json' and 'claude-progress.txt' to generate code and tests. Evidence:
      1. Ingestion: 'scripts/feature_selector.py' reads 'feature_list.json'.
      2. Boundary markers: absent.
      3. Capability inventory: file system writes and subprocess execution.
      4. Sanitization: none; feature data is interpolated directly into generated test and source files.
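To make the first finding concrete, the following is an added, constructed Python example (not code from the audited skill or from Gen Agent Trust Hub). It builds a throwaway directory tree in which the project's parent directory contains a module the script did not intend to import, shows that prepending 'project_dir.parent' to 'sys.path' causes that module to be imported and executed, and then shows a containment check that refuses to extend 'sys.path' with any directory outside an operator-chosen trusted root. The module name 'helpers', the directory layout and the 'trusted_root' parameter are assumptions for the demonstration.

```python
"""Constructed demonstration of import hijack via a computed sys.path entry.

Not the audited skill's code: the layout, the module name 'helpers' and the
trusted_root allow-list are assumptions made for this example.
"""
import importlib
import sys
import tempfile
import textwrap
from pathlib import Path


def build_tree(root: Path) -> Path:
    """Create <root>/project/scripts and drop an attacker-controlled module
    into <root>, which is project_dir.parent from the script's point of view.
    Constructed layout."""
    project_dir = root / "project"
    (project_dir / "scripts").mkdir(parents=True)
    # Hypothetical module name; chosen to match what the script imports.
    (root / "helpers.py").write_text(textwrap.dedent("""
        def run():
            return "attacker module executed"
    """))
    return project_dir


def import_from_parent_unsafe(project_dir: Path, module: str) -> str:
    """The pattern named in the finding: prepend project_dir.parent to
    sys.path, then import. Whatever file sits in the parent wins.
    Returns the result of calling the imported module's run()."""
    parent = str(project_dir.parent)
    sys.path.insert(0, parent)
    importlib.invalidate_caches()
    try:
        sys.modules.pop(module, None)          # force a fresh resolution
        mod = importlib.import_module(module)
        return mod.run()
    finally:
        # Undo the sys.path and sys.modules changes so the process is clean.
        sys.path.remove(parent)
        sys.modules.pop(module, None)


def import_from_parent_guarded(project_dir: Path, module: str,
                               trusted_root: Path) -> str:
    """Hardened variant: only extend sys.path when the computed directory is
    the trusted root or lies inside it. Paths are resolved first so symlinks
    and '..' segments cannot slip past the comparison."""
    candidate = project_dir.parent.resolve()
    trusted = Path(trusted_root).resolve()
    if candidate != trusted and trusted not in candidate.parents:
        raise PermissionError(
            f"refusing to add {candidate} to sys.path: outside {trusted}")
    return import_from_parent_unsafe(project_dir, module)


def demo() -> tuple:
    """Run both variants against the constructed tree.
    Returns (what the unsafe import executed, whether the guard blocked it)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        project_dir = build_tree(root)
        hijacked = import_from_parent_unsafe(project_dir, "helpers")
        # The operator trusts only the project itself, not its parent.
        trusted_root = root / "project"
        try:
            import_from_parent_guarded(project_dir, "helpers", trusted_root)
            blocked = False
        except PermissionError:
            blocked = True
        return hijacked, blocked


if __name__ == "__main__":
    result, guard_blocked = demo()
    print("unsafe import ran:", result)
    print("guarded import blocked:", guard_blocked)
```

The guard does not make the import safe on its own; it only pins the search path to a directory the operator controls. A reviewer would still want the skill to import its own helpers by package name, or to vendor them under the project, rather than reaching outside the checkout at all.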
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:23 PM