codeql
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download the CodeQL CLI bundle from the official GitHub releases page (github.com/github/codeql-action).
- [EXTERNAL_DOWNLOADS]: It includes commands to download specialized security query packs from Trail of Bits, a well-known and reputable security research organization.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute CodeQL CLI operations, including database initialization, analysis, and query testing.
- [COMMAND_EXECUTION]: It facilitates the execution of arbitrary build commands provided in the project context (e.g., 'make', 'cargo build', 'dotnet build') which are necessary for analyzing compiled languages.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it ingests and processes untrusted source code.
- Ingestion points: Local source code files parsed during database creation via the '--source-root' parameter.
- Boundary markers: Absent; the agent is instructed to run build commands directly within the source directory.
- Capability inventory: Full Bash access for running the CodeQL CLI and project build scripts.
- Sanitization: Absent; the skill relies on the integrity of the project code provided for analysis.
Audit Metadata