bloat-detector
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses extensive Bash scripting to analyze file content and names. Many scripts, such as those in `modules/quick-scan.md` and `modules/ai-generated-bloat.md`, lack proper quoting around variables derived from user-controlled data (e.g., `pkg`, `file`, `func`). This could allow for command injection or execution errors if a codebase contains maliciously crafted filenames or strings.
- [PROMPT_INJECTION]: The skill's architecture is vulnerable to indirect prompt injection because it ingests untrusted code and documentation.
  - Ingestion points: Code files (.py, .js, .ts), markdown documentation, and git history records are parsed across all modules (Tier 1-3).
  - Boundary markers: No specific delimiters or safety instructions are used to separate untrusted content from the agent's logic or the shell commands it constructs.
  - Capability inventory: The agent can execute shell commands, read/write files via the `Bash` and `Read` tools, and invoke external analysis utilities like `vulture` or `knip`.
  - Sanitization: There is no evidence of sanitization or strict validation of the content extracted from the files before it is passed to shell pipelines (e.g., in `ai-generated-bloat.md`, where import strings are parsed and used in shell commands).
Audit Metadata