code-standards-detective

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill analyzes untrusted content from the local codebase while possessing powerful tools, creating a significant attack surface.
      1. Ingestion points: The skill reads source files in 'src/' and configuration files such as '.eslintrc.js', '.prettierrc', and 'tsconfig.json'.
      2. Boundary markers: None; the instructions do not include delimiters or specific guidance to ignore instructions found within data.
      3. Capability inventory: The 'allowed-tools' section grants the skill 'Bash' (arbitrary command execution) and 'Write' (file modification) capabilities.
      4. Sanitization: None detected; the skill processes external content directly through grep and agent reasoning.
  • [Command Execution] (MEDIUM): The skill explicitly uses the Bash tool to run statistical analysis commands. While the examples provided (grep, wc) are functional, the broad permission allows for arbitrary execution if the agent is manipulated by adversarial input in the analyzed codebase.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 10:35 AM