pastbuild-export
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOWNO_CODE
Full Analysis
- [Indirect Prompt Injection] (INFO): The skill processes untrusted data from local files (source code, READMEs, and manifest files) to generate project summaries. The risk is negligible as the skill lacks capabilities to execute commands with side effects, modify files, or perform network operations. 1. Ingestion points: codebase manifest files (package.json, pyproject.toml, go.mod, etc.) and documentation (README.md). 2. Boundary markers: Absent; the agent is instructed to read files directly. 3. Capability inventory: Local command execution for metadata (git log) and data display. 4. Sanitization: Absent.
- [No Code] (SAFE): The skill contains no executable code or scripts, relying entirely on the agent's internal capabilities for file analysis and string generation.
Audit Metadata