consult
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes user questions and file content, which creates a surface for indirect prompt injection. This is effectively mitigated by the 'Safe Question Passing' mechanism, which uses temporary files to prevent shell command injection.
- [COMMAND_EXECUTION]: All CLI flags and arguments are strictly validated against allow-lists and regular expressions before being used to construct shell commands, ensuring that only safe values are executed.
- [CREDENTIALS_UNSAFE]: An 'Output Sanitization' system is implemented to scan tool responses for API keys and tokens (e.g., Anthropic, OpenAI, AWS), redacting them before the output is returned to protect user credentials.
- [SAFE]: Path traversal is prevented through rigorous validation of file context paths, including canonicalization and directory containment checks to ensure the agent only accesses authorized project files.
- [EXTERNAL_DOWNLOADS]: Dependencies and installation commands refer to official packages from trusted organizations like Anthropic, OpenAI, and GitHub, following secure software supply chain practices.
Audit Metadata