code-analyzer
Warn
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The scripts/main.cjs script uses the child_process.spawn function to execute a Node.js process. This allows the skill to run arbitrary commands on the system.
- [REMOTE_CODE_EXECUTION]: The skill is designed to execute a specific script (.claude/tools/analysis/project-analyzer/analyzer.mjs) located in the project's local directory rather than within the skill's own isolated package. This pattern allows for the execution of arbitrary code if a project contains a malicious file at that expected path.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes and analyzes untrusted source code from the user's project. (1) Ingestion points: The skill reads project files using tools like Glob and Grep. (2) Boundary markers: There are no instructions or delimiters defining the analysis output as untrusted content. (3) Capability inventory: The skill has access to the Bash tool and can execute subprocesses via its main script. (4) Sanitization: The skill does not validate or sanitize the content of the files it analyzes before presenting them to the agent.
Audit Metadata