analyzing-code
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The
reference/tokei-guide.mdfile suggests installation viacargo install tokei --features all. This is a standard installation method for a well-known tool, but it involves downloading and compiling code from a remote registry (crates.io). Per [TRUST-SCOPE-RULE], this is a low-risk finding. - [COMMAND_EXECUTION] (LOW): The skill frequently demonstrates complex shell pipelines involving
tokei,jq,xargs, andfind. While these are legitimate for the skill's purpose, they represent a broad capability surface for command execution. - [REMOTE_CODE_EXECUTION] (SAFE): While the guide mentions
docker run, the examples use the local context ($(pwd)) or a specific path, and do not reference untrusted or malicious remote images. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to ingest and process codebase data (file paths, file contents for line counting).
- Ingestion points: Processes any file within the directory where it is run.
- Boundary markers: None specified in the prompt interpolation logic.
- Capability inventory: Significant subprocess capabilities (shell, jq, etc.).
- Sanitization: No sanitization is mentioned for filenames or file metadata processed by the tool, which could lead to schema confusion if an attacker names a file to look like a language key or includes injection content in a file that
tokeiprocesses and later passes to the LLM via JSON output.
Audit Metadata