graph-query
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a local Python script (
.claude/scripts/code_graph) via the Bash tool. It dynamically constructs commands by interpolating user-extracted strings for targets, keywords, and patterns. - [PROMPT_INJECTION]: The instruction set lacks explicit guidance or requirements for sanitizing user-provided input before it is passed to the shell. A malicious user could attempt to include shell metacharacters (e.g.,
;,&&,|) within a function name or file path to execute arbitrary commands. This is classified as an indirect injection surface where untrusted data influences high-privilege tool execution (Bash). - Ingestion points: User-provided questions identifying targets, keywords, or file paths (SKILL.md).
- Boundary markers: None present; the skill directly interpolates variables into the command string.
- Capability inventory: Uses
Bashto run Python scripts with arguments. - Sanitization: None specified in the instructions.
Audit Metadata