review-codebase
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core function is to ingest and process untrusted data from external codebases.
  - Ingestion points: The skill reads external codebase content using the `/scout` and `/scout-ext` commands and processes user-provided tasks via the `$ARGUMENTS` variable.
  - Boundary markers: It employs `<tasks>` tags to encapsulate input, but lacks explicit instructions to ignore malicious instructions embedded within the scanned codebase files.
  - Capability inventory: The skill can create directories, write markdown files (`plan.md`, `phase-XX.md`), execute shell commands (e.g., ImageMagick), and perform git operations (commit/push) via the `git-manager` subagent.
  - Sanitization: No explicit sanitization or filtering of codebase content is defined, though the instructions encourage the agent to be skeptical and verify findings.
- [COMMAND_EXECUTION]: The skill instructions explicitly direct the agent to use external command-line utilities.
  - Evidence: It specifies the use of `ImageMagick` for image editing tasks and refers to the use of slash commands (`/scout`, `/scout-ext`) and subagents that likely execute shell commands for research and git management.
Audit Metadata