Analyze Code

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW | PROMPT_INJECTION | NO_CODE
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill's purpose is to ingest and analyze untrusted external code repositories, creating a surface for indirect prompt injection.
      1. Ingestion points: External repositories and directories referenced via the /analyze-code command.
      2. Boundary markers: No delimiters or instructions to ignore embedded commands are specified in the provided markdown.
      3. Capability inventory: The skill influences agent reasoning and generates content for downstream writing tasks; it does not directly perform system-level execution.
      4. Sanitization: No sanitization of code comments or structure is mentioned.
  • [No Code] (INFO): The skill consists only of markdown documentation and does not include any executable scripts, binaries, or configuration files, which prevents direct remote code execution or privilege escalation attacks from within the skill itself.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 16, 2026, 09:34 AM