asupersync-mega-skill
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
COMMAND_EXECUTION DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes shell scripts (`scripts/audit-target.sh` and `scripts/validate.sh`) that the agent is instructed to execute. `audit-target.sh` uses system tools like `find`, `rg` (ripgrep), and `cargo` to analyze target projects. `validate.sh` executes a local Python validation script. These are utility tools for the agent's primary purpose and do not appear to perform malicious actions.
- [INDIRECT_PROMPT_INJECTION]: The skill's primary function is to audit and refactor external Rust projects, which creates a surface for indirect prompt injection if the ingested code contains malicious instructions.
  - Ingestion points: `scripts/audit-target.sh` ingests file paths, dependency trees, and source code content from a user-provided directory.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded prompts are provided in the script or instructions.
  - Capability inventory: The skill uses shell commands (`rg`, `find`, `cargo tree`) to discover project structures and dependencies.
  - Sanitization: No sanitization or filtering of the analyzed source code content is performed by the discovery script.
Audit Metadata