codebase-analysis
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill instructs the agent to execute local scripts defined in the project's package manager (e.g., `npm run lint`, `npm run test:coverage`). While these are standard development workflows, they involve executing local code that could be malicious if the codebase under analysis is untrusted.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection vulnerability surface detected (Category 8). The skill systematically ingests untrusted content from the codebase to perform its analysis.
  - Ingestion points: The skill reads `package.json`, `.env` files, source code (`src/`, `app/`), and configuration files (`vite.config.*`, `tsconfig.json`).
  - Boundary markers: Absent. The instructions do not define delimiters or provide the agent with 'ignore instructions' warnings when reading these files.
  - Capability inventory: The agent has the ability to execute shell commands (`bash`), search text (`grep`), and read files (`read`).
  - Sanitization: Absent. There is no logic provided to filter or escape instructions embedded in the analyzed code before the agent processes them.
Audit Metadata