deepwiki
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use standard Linux utilities such as find, grep, xargs, wc, and head to explore project structures and extract information from source files. These tools are used appropriately for codebase analysis.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it reads and processes the content of local files which may contain untrusted data or malicious instructions disguised as code.
  - Ingestion points: The skill reads various source files (e.g., .ts, .js, .py) as specified in SCAN_GUIDE.md and the prompts in the prompts/ directory.
  - Boundary markers: The skill lacks explicit delimiters or instructions for the agent to treat the analyzed code strictly as data, increasing the risk that the agent might follow instructions embedded in the code.
  - Capability inventory: The agent can execute shell commands for file discovery and has the permission to read any file within the target directory.
  - Sanitization: There is no evidence of sanitization, filtering, or escaping of the ingested code content before it is processed by the AI.
Audit Metadata