code-design
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute shell-based formatting utilities such as cargo fmt, go fmt, black, and prettier to maintain project style standards.
- [DATA_EXFILTRATION]: To ensure consistency with existing patterns, the agent is instructed to scan the local codebase, which involves reading project files and structure.
- [PROMPT_INJECTION]: The requirement to scan the codebase introduces a surface for indirect prompt injection.
  1. Ingestion points: The agent reads and analyzes local source code files as part of the pattern-matching phase (SKILL.md).
  2. Boundary markers: The skill does not define specific delimiters or instructions to disregard potential commands found within analyzed code.
  3. Capability inventory: The agent has permissions to write code and execute local CLI tools for formatting.
  4. Sanitization: No explicit validation or filtering logic is provided for the data retrieved during the codebase scan.
Audit Metadata