code-complexity-audit
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute various git commands, including
git log,git blame, andgit merge-base. These commands are used to identify churn-heavy files and attribute design findings to authors within a 100-commit window. These are standard read-only operations for repository auditing. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to its core function of reading and interpreting untrusted source code and comments. Ingestion points: Source code and file content are read during Step 2 (Sampling) and Step 3 (Deep Analysis). Boundary markers: The process lacks explicit instructions or delimiters to prevent the agent from executing instructions found within the code comments. Capability inventory: The skill has the capability to execute shell commands (git). Sanitization: No sanitization is performed on the analyzed content before the agent evaluates it for the final report, potentially allowing crafted comments to influence the audit verdict.
Audit Metadata