code-stats
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill utilizes the Bash tool to execute commands like tokei, difft, and git. This provides a powerful execution environment that could be misused if the agent's logic is subverted.
- [INDIRECT_PROMPT_INJECTION] (HIGH):
  1. Ingestion points: The skill reads and processes content from files in the codebase through the tokei and difft tools.
  2. Boundary markers: Absent. No delimiters or instructions are provided to the agent to treat output from these tools as untrusted or to ignore embedded instructions.
  3. Capability inventory: The skill is granted access to the Bash tool, which allows for file modification, system interaction, and arbitrary command execution.
  4. Sanitization: Absent. Content from the codebase is processed and presented to the agent without filtering.
  Analysis: A malicious codebase could contain instructions within source files or diffs designed to hijack the agent's behavior. Given the availability of the Bash tool, a successful indirect injection could result in arbitrary code execution on the host machine.
Recommendations
- AI detected serious security threats