audit
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core function of reading and processing external codebase content.
- Ingestion points: The agent reads the content of every file identified in the codebase during the Phase 3 'Systematic File Review'.
- Boundary markers: Absent. There are no instructions or delimiters directing the agent to ignore potentially malicious instructions found within the audited files.
- Capability inventory: The skill has the capability to execute shell commands (
tsc,eslint,npm run lint) and write report files to the local filesystem. - Sanitization: None. The content is processed in its raw form for architectural and code quality analysis.
- [COMMAND_EXECUTION]: The skill invokes several command-line utilities.
- In Phase 2 and Phase 5, it executes
tsc,eslint, andgrep. - It triggers
npm run lint, which executes scripts defined in the local environment'spackage.jsonfile, potentially leading to the execution of unverified logic if the codebase itself is malicious.
Audit Metadata