Skills
skills/duc01226/easyplatform/graph-export/Gen Agent Trust Hub

graph-export

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute a local Python script at .claude/scripts/code_graph. This script is responsible for reading the database and generating the JSON export.\n- [PROMPT_INJECTION]: The skill identifies an attack surface for indirect prompt injection (Category 8) as it processes untrusted source code to generate the graph data.\n
  • Ingestion points: The skill reads local files (e.g., src/auth.py, src/api.py) to build or export nodes and edges.\n
  • Boundary markers: There are no explicit delimiters or instructions to the agent to ignore potentially malicious content embedded in function names, comments, or class structures within the exported JSON.\n
  • Capability inventory: The skill possesses Bash and Read capabilities, allowing it to execute local scripts and access the filesystem.\n
  • Sanitization: No explicit sanitization or validation of the extracted code data is mentioned before it is written to the JSON output.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 27, 2026, 06:11 AM