Skills
skills/deepeshbodh/human-in-loop/analysis-codebase/Gen Agent Trust Hub

analysis-codebase

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a bundled local script scripts/detect-stack.sh and various shell utilities including grep, find, ls, and cat. These commands are used to discover project structure and configuration and are limited to the context of the local project directory.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection vulnerability surface as it ingests and processes untrusted content from the codebase being analyzed.\n
  • Ingestion points: The skill reads several project configuration files such as package.json, pyproject.toml, Gemfile, and go.mod, as well as source code content via grep and the detect-stack.sh script.\n
  • Boundary markers: There are no explicit delimiters or specific instructions for the agent to ignore potentially malicious content embedded in the analyzed files.\n
  • Capability inventory: The skill allows for local file system access and the execution of shell scripts and common CLI tools like jq and grep.\n
  • Sanitization: The data extracted from external files is incorporated into markdown reports and JSON inventories without explicit sanitization or escaping of the content.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 25, 2026, 02:12 AM