code-audit
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes external codebase content which is then used to generate reports and create automated tasks.
- Ingestion points: Files in the current working directory accessed via the
Read,Glob, andGreptools. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the audited files are provided in the subagent prompts.
- Capability inventory: The skill can spawn subagents (
Tasktool), execute directory listings (Bash), and create actionable items in external systems (mcp__transit__create_task). - Sanitization: There is no evidence of sanitization or filtering of the audited code content before it is interpolated into reports or task descriptions.
- [COMMAND_EXECUTION]: The skill uses the
Bashtool with a restricted scope (ls:*) to list files in the directory for analysis. This is a standard operation required for its primary function and follows the principle of least privilege.
Audit Metadata