sans25
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Uses Grep and Git for resolving file scope and scanning source code for patterns related to common software weaknesses.
- [PROMPT_INJECTION]: Ingests untrusted code files for analysis, which creates a potential surface for indirect prompt injection.
- Ingestion points: Files identified via the --scope flag.
- Boundary markers: Not present for the content of scanned files.
- Capability inventory: System command execution (Grep, Git) and file system read/write access.
- Sanitization: No sanitization of ingested code content is performed.
Audit Metadata