comprehensive-type-annotations
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes instructions for the agent to execute a shell command (`cat .claude/context/memory/learnings.md`) as part of its memory protocol. This is intended to provide the agent with historical context but involves reading files from the local environment.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to read, analyze, and refactor Python source files. If these files contain adversarial instructions (e.g., in comments), the agent might follow them while performing its tasks.
- Ingestion points: Python source files matching the glob pattern `**/*.py` are read via the `Read` tool.
- Boundary markers: The instructions do not provide clear delimiters or warnings to ignore instructions found within the processed files.
- Capability inventory: The skill is authorized to use the `Read`, `Write`, and `Edit` tools, allowing it to modify the codebase based on its analysis.
- Sanitization: There is no evidence of input validation or sanitization of the code content before processing.
Audit Metadata