analyze-size
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill executes the `cloc` command locally to analyze the codebase. This is the intended primary function and is restricted to the current working directory without elevated privileges.
- [PROMPT_INJECTION] (LOW): The skill possesses a surface for indirect prompt injection as it processes data from local files.
  1. Ingestion points: Current directory files read by `cloc`.
  2. Boundary markers: Absent in the output processing instructions.
  3. Capability inventory: `cloc` execution and data interpretation.
  4. Sanitization: Absent.

  The risk is considered low because `cloc` produces statistical summaries rather than executing file content.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill provides instructions for the user to install the 'cloc' utility manually if it is missing, rather than attempting to download or install software automatically.
Audit Metadata