code-explainer
Warn
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the execution of shell commands (e.g., `npx ai-explain <file>`) to perform its core functionality.
- [EXTERNAL_DOWNLOADS]: The utility is invoked via `npx`, which downloads and runs the `ai-explain` package from the NPM registry if it is not already installed locally.
- [DATA_EXFILTRATION]: The tool is designed to read local source code files and send their contents to a remote AI service for processing. This could lead to the exposure of sensitive source code, internal business logic, or accidentally hardcoded credentials to an external third-party service.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes the content of untrusted code files that may contain instructions hidden in comments or strings intended to manipulate the AI's explanation.
  - Ingestion points: Local source code files (e.g., `src/auth.ts`, `scripts/deploy.py`) provided as arguments to the tool.
  - Boundary markers: Absent; the tool does not specify the use of delimiters or 'ignore' instructions for content found within the files.
  - Capability inventory: File system read access, shell command execution, and network transmission via the `ai-explain` CLI tool.
  - Sanitization: No sanitization or filtering of the source code content is described before it is transmitted for analysis.