ln-645-open-source-replacer
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill workflow involves executing shell commands
wc -landgrepto analyze file metrics and identify code patterns such as exports and class definitions within the codebase.- [EXTERNAL_DOWNLOADS]: Thediagram.htmlfile loads the Mermaid JS library from thecdn.jsdelivr.netcontent delivery network to render visual workflow diagrams.- [DATA_EXFILTRATION]: The skill transmits extracted module goals, summaries, and technology stack information to external search engines and research tools viaWebSearch,Context7, andRefto identify open-source alternatives.- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes untrusted source code from the project under audit to derive its search strategies and evaluation summaries. - Ingestion points: Source code files (.ts, .js, .py, etc.) are read during Phase 1 and Phase 2 in
SKILL.mdto classify logic and extract goals. - Boundary markers: The skill does not implement explicit boundary markers or directives to prevent the agent from following instructions embedded within the analyzed source code.
- Capability inventory: The skill has permissions to read/write files, execute system commands (
wc,grep), and perform web searches. - Sanitization: No sanitization or validation of extracted code goals is described before they are interpolated into web search queries.
Audit Metadata