security-review
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and analyze untrusted codebases. Malicious instructions embedded in scanned files (e.g., in comments or READMEs) could influence the agent's behavior.
  - Ingestion points: SKILL.md Step 1 and Step 3 instruct the agent to read project files and configuration.
  - Boundary markers: Absent. There are no instructions provided to treat the scanned code as pure data or to ignore embedded instructions.
  - Capability inventory: The agent can read files, analyze data flows, and generate reports/patches.
  - Sanitization: Absent. The skill does not specify sanitization or escaping of the ingested code content.
- [REMOTE_CODE_EXECUTION]: Static analysis flagged the use of 'eval' and 'exec' in reference files. These are identified as false positives: the reference files document them as vulnerability patterns for the agent to detect in user code, not as commands for the agent to execute itself.