code-cleaner
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The script `scripts/run_ruff.py` performs a runtime installation of the `ruff` package via `pip` if it is not found in the environment. Installing unverified packages at runtime from external repositories like PyPI is a security risk as it bypasses static environment checks.
- COMMAND_EXECUTION (MEDIUM): The script `scripts/run_ruff.py` uses an extremely irregular logic for argument parsing: `target = sys.argv[12] if len(sys.argv) > 1 else "."`. This logic will cause the script to crash with an `IndexError` if a single argument is provided, but it allows for a hidden target path to be passed at the 13th argument position. This is a characteristic pattern of obfuscated or 'triggered' malicious behavior.
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it reads and processes untrusted code files and has the capability to write to the filesystem and execute shell commands.
  - Ingestion points: Files read using `Read`, `Grep`, and `Glob` tools in the workflow.
  - Boundary markers: None; the agent is instructed to refactor code based directly on file content without protective delimiters.
  - Capability inventory: Significant modification permissions including `Write`, `Edit`, and `Bash`.
  - Sanitization: None; external file content is not escaped or validated before processing.
Audit Metadata