Ark Analysis
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Clones the
agents-at-scale-arkrepository from the author's GitHub organization (mckinsey) to a temporary local directory. - [COMMAND_EXECUTION]: Utilizes standard, non-privileged system tools such as
git,grep,find,cat, andrgto explore and search the cloned codebase. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it reads and processes external codebase content. While the source repository is owned by the vendor, the agent should treat code and documentation as data rather than instructions.
- Ingestion points: Source code, YAML configurations, and markdown documentation files located in
/tmp/ark-analysis. - Boundary markers: None identified in the provided instructions.
- Capability inventory: Limited to file system navigation, text searching, and repository cloning. No high-risk capabilities such as arbitrary code execution (
eval/exec) or outbound network requests for data exfiltration were detected. - Sanitization: None.
Audit Metadata