code-stats
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires external CLI tools
tokeianddifftto be installed viabreworcargo. These are third-party binaries whose integrity and updates are managed outside the skill's environment. - [COMMAND_EXECUTION] (LOW): Utilizes the
Bashtool to run diagnostic commands. Although the provided examples are restricted totokei,difft,git, andjq, the capability to execute shell commands poses a latent risk if the agent is manipulated. - [PROMPT_INJECTION] (LOW): Vulnerable to indirect prompt injection. The skill ingests untrusted data from local files through analysis tools. Evidence Chain: 1. Ingestion points: Source code files processed by tokei/difft. 2. Boundary markers: Absent. 3. Capability inventory: Bash/subprocess execution. 4. Sanitization: Absent. Malicious instructions embedded in comments or code within an analyzed repository could be interpreted by the agent as high-priority commands when viewing the tool output.
Audit Metadata