code-header-annotator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes external source code and possesses file-write and script-execution capabilities. Ingestion points: The skill reads source files using scripts and the ripgrep tool. Boundary markers: It uses the @codex-header: v1 marker but lacks explicit protection against instructions embedded in code. Capability inventory: It has the power to modify file contents (headers) and execute local Python scripts. Sanitization: There is no evidence of sanitizing extracted content (like function names or comments) before re-inserting it into the codebase or AGENTS.md.
- [Command Execution] (MEDIUM): The instructions direct the agent to execute local Python scripts and search tools. Evidence: Shell commands such as "python code-header-annotator/scripts/annotate_code_headers.py" and "rg" (ripgrep) are used throughout the workflow.
Recommendations
- AI detected serious security threats
Audit Metadata