nabledge-5
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local bash scripts to implement its core functionality. Specifically, it executes full-text-search.sh and read-sections.sh for documentation retrieval, and prefill-template.sh and generate-mermaid-skeleton.sh to automate the creation of code analysis reports. These scripts are self-contained within the skill package and do not execute arbitrary user input.
- [PROMPT_INJECTION]: The code-analysis workflow ingests user-provided Java source code for parsing and summarization. This creates a surface for indirect prompt injection where instructions embedded in code comments could attempt to influence the agent's analysis or summary output.
- Ingestion points: User source files are identified via glob/grep and read into the context in the code-analysis.md workflow.
- Boundary markers: While the analysis is placed into a structured Markdown template, the ingestion of raw code into the LLM context represents a standard data processing surface.
- Capability inventory: The skill has permissions to read local files, execute its own helper scripts, and write report files to the .nabledge directory.
- Sanitization: No explicit sanitization or escaping of the ingested code content is performed prior to analysis, relying instead on the model's inherent guardrails.
Audit Metadata