static-analysis
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs the agent to install several external software packages, including 'semgrep', 'pysarif', and 'sarif-tools' via pip, as well as 'codeql' via Homebrew or manual download from GitHub releases. It also directs the download of query packs from GitHub repositories (e.g., trailofbits/cpp-queries). These external sources are not on the predefined list of trusted organizations.
- COMMAND_EXECUTION (MEDIUM): The skill extensively uses the 'Bash' tool to perform administrative and operational tasks, such as managing software installations, creating CodeQL databases, and executing security analysis workflows.
- INDIRECT PROMPT INJECTION (LOW): The skill is designed to process external, untrusted data which could contain malicious instructions.
  1. Ingestion points: Source code files analyzed by Semgrep/CodeQL and SARIF result files parsed by 'jq'.
  2. Boundary markers: Absent; there are no specific markers or instructions provided to separate untrusted content from the agent's logic.
  3. Capability inventory: The skill has 'Bash' (command execution), 'Write' (file system modification), and 'Read' (file system access) capabilities.
  4. Sanitization: No evidence of input validation or sanitization of the data being analyzed was found.
Audit Metadata