gkg
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill runs a local script (gkg.ts) via the bun runtime. While this is the intended mechanism, it involves executing code in the local environment and relies on hardcoded absolute paths in a specific user directory.
- [PROMPT_INJECTION] (LOW): The skill processes source code implementation details, which creates a surface for indirect prompt injection. Ingestion points: Commands like read-definitions and search-codebase-definitions ingest content from project files. Boundary markers: No boundary markers or 'ignore' instructions are used to separate ingested code from the agent's instructions. Capability inventory: The skill can execute local scripts and access the file system. Sanitization: There is no evidence of sanitization of the code content before it is provided to the agent.
Audit Metadata