fallow
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to install and run the fallow command-line utility. This is the primary function of the tool and is used to analyze project files for code health metrics and unused symbols.
- [EXTERNAL_DOWNLOADS]: The skill references downloading the CLI tool and its associated Node.js bindings from official package registries like NPM and Cargo, as well as fetching configuration and CI templates from GitHub. These are well-known and standard services for development tooling.
- [DATA_EXFILTRATION]: The fallow coverage upload-inventory command sends a list of function names and file paths to the vendor's cloud service at api.fallow.cloud. This is a documented feature designed to help users identify code that is never invoked at runtime, but it does involve transmitting codebase metadata to an external server.
- [PROMPT_INJECTION]: The tool performs deep analysis on user-supplied source code and HTML templates. This data ingestion creates a surface for indirect prompt injection, where malicious strings embedded in the codebase could attempt to influence the agent's behavior. The skill mitigates this by instructing the agent to use structured JSON output and suppress error logs, reducing the likelihood of tool output being misinterpreted as instructions.
Audit Metadata