audit-code-health
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill's primary function is to ingest and analyze untrusted codebases. Malicious content within the scanned files (e.g., hidden comments or documentation) could influence the agent's behavior or cause it to ignore security findings.
  - Ingestion points: Target directories/codebases scanned during 'Step 1: SCAN'.
  - Boundary markers: Absent; there are no instructions to isolate or delimit the untrusted code from the agent's instructions.
  - Capability inventory: The agent can execute build/test commands and file work items based on findings.
  - Sanitization: Absent; the skill does not specify any filtering or sanitization of the code before analysis.
- Command Execution (HIGH): The 'Step 1: SCAN' process explicitly triggers the execution of tools like 'build' and 'tests' on the target codebase. If the codebase contains malicious build scripts (e.g., a poisoned package.json or Makefile), the agent will execute them locally, leading to potential system compromise.
- Dynamic Execution (MEDIUM): The skill involves runtime compilation and execution of untrusted code via build and test processes, which is a common vector for code injection and privilege escalation.
Recommendations
- AI detected serious security threats
Audit Metadata