stinkysnake
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `uv run` to execute various standard Python development tools including `ruff`, `ty`, `mypy`, `pyright`, `rg`, `fd`, and `pytest`. These tools are called using user-supplied file paths or modules as arguments.
- [COMMAND_EXECUTION]: The skill executes a Python snippet via `uv run python -c 'from dh_paths import plan_dir; print(plan_dir())'` to resolve local paths. This involves importing and executing code from the local environment (e.g., the project being analyzed).
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) because it ingests and processes content from untrusted files provided by the user.
  - Ingestion points: Content from source code files, `pyproject.toml`, and project documentation.
  - Boundary markers: No explicit boundary markers or 'ignore' instructions are used when interpolating file content into prompts for analysis or planning.
  - Capability inventory: The skill has extensive capabilities including shell command execution (`uv run`), file writing for reports and plans, and the ability to delegate tasks to other sub-agents.
  - Sanitization: The skill does not perform sanitization or validation of the code content before it is analyzed by the AI to generate refactoring plans.
Audit Metadata