apex-decompose
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes internal bash and PowerShell scripts (scan-deps.sh and scan-deps.ps1) to perform automated dependency analysis and directory scanning. These scripts are bundled with the skill and operate only on local paths provided by the user.
- [PROMPT_INJECTION]: The skill identifies and processes external source code, creating an indirect prompt injection surface.
  - Ingestion points: Untrusted source files within the are read and analyzed by the agent.
  - Boundary markers: The instructions do not define delimiters or provide warnings to the agent to ignore instructions embedded within the source files.
  - Capability inventory: The skill has read access to the local file system and the ability to execute bundled scripts.
  - Sanitization: No filtering or sanitization is applied to the content of the source files before they are processed in the agent context.
Audit Metadata