finding-duplicate-functions
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface detected.\n
- Ingestion points:
scripts/extract-functions.shextracts code context and function signatures from the target source directory to be analyzed by subagents.\n - Boundary markers: The prompt templates in
scripts/categorize-prompt.mdandscripts/find-duplicates-prompt.mduse delimiters for data insertion but lack explicit instructions to ignore potentially malicious commands embedded in the source code.\n - Capability inventory: The skill uses
ripgrepandjqfor extraction, and expects subagents to use aWritetool for outputting results.\n - Sanitization: No sanitization is performed on the extracted code content before it is processed by LLM subagents, allowing for potential manipulation of the agent via malicious code comments or names.\n- [COMMAND_EXECUTION]: Execution of local CLI tools for code extraction and data transformation.\n
- Evidence:
scripts/extract-functions.shcallsripgrepandjq;scripts/prepare-category-analysis.shandscripts/generate-report.shutilizejq.\n - Context: These commands are central to the skill's intended functionality and are implemented using standard bash security practices like
set -euo pipefailand quoted variables.
Audit Metadata