tech-due-diligence
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the `Bash` tool to perform system-level operations for repository analysis, including line counting using `find` and `wc`, and contributor analysis using `git log` and `git shortlog` commands.
- [DATA_EXFILTRATION]: The skill is explicitly instructed to search for and read sensitive files such as `.env`, `.env.local`, and other credential or secret files within the target codebase. While this is a core part of its technical due diligence function to assess security risk, it involves accessing sensitive file paths that could be abused if the agent is redirected to a host's sensitive directories.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its primary function is to ingest and analyze large amounts of untrusted external data (a codebase) without using security boundary markers.
  - Ingestion points: The agent reads all source files, documentation (README.md, ARCHITECTURE.md), and configuration files from the target repository using the `Read`, `Glob`, and `Grep` tools.
  - Boundary markers: None. The instructions do not direct the agent to wrap external content in delimiters or to ignore instructions that might be embedded in code comments or documentation.
  - Capability inventory: The skill has access to powerful tools including `Bash` (shell execution), `Read` (file system access), and the ability to write a final report to the local file system.
  - Sanitization: None. The skill processes and samples raw text from the codebase directly into the model's context, creating a surface where malicious code comments could influence agent behavior.
Audit Metadata