api
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is configured to run semgrep, bandit, and brakeman on target codebases. This is expected behavior for a security tool and adheres to a defined audit workflow.
- [PROMPT_INJECTION]: The skill processes external source code, creating a surface for indirect prompt injection.
  - Ingestion points: Source files from routes, controllers, and serializers are read into the agent's context.
  - Boundary markers: The workflow lacks explicit delimiters or instructions to ignore potentially malicious instructions embedded in code comments.
  - Capability inventory: The skill can execute command-line tools and generate output based on analyzed data.
  - Sanitization: There is no evidence of sanitization or filtering of the code content before analysis.