gkg
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local JavaScript file ".codex/khuym_status.mjs" using Node.js to determine repository readiness. It also utilizes "ripgrep" ("rg") for fallback file discovery and symbol searching within the local codebase.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from the repository files being analyzed. * Ingestion points: Codebase files and symbol definitions accessed through "repo_map", "read_definitions", and "rg". * Boundary markers: None identified in the instructions to distinguish between code content and instructions. * Capability inventory: The skill can execute local scripts ("node"), perform file searches ("rg"), and write discovery logs to the "history/" directory. * Sanitization: No sanitization or validation of the ingested code content is performed before processing.
Audit Metadata