enhance-cross-file
Warn
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a shell command using
node -e. This allows for the dynamic execution of JavaScript code directly from the command line, which is used to trigger the analysis logic. - [REMOTE_CODE_EXECUTION]: The skill depends on a local script file located at
./lib/enhance/cross-file-analyzer.js. Because this file was not provided as part of the skill for auditing, its contents and behavior remain unverifiable, representing a risk where the agent may execute unvetted or potentially malicious logic included in the dependency. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) by processing untrusted data from the filesystem.
- Ingestion points: The tool reads content from multiple files (agents, skills, and workflows) across the directory structure via
a.analyze('.'). - Boundary markers: The skill lacks explicit markers or instructions to isolate the data being analyzed from the agent's instructions, nor does it warn the agent to ignore instructions embedded in the analyzed data.
- Capability inventory: The skill possesses the capability to execute shell commands (
node -e). - Sanitization: There is no evidence of sanitization or filtering of the file content before it is processed by the analyzer or reported back to the agent context.
Audit Metadata