codify
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest untrusted data from conversation history and codebase reconnaissance (outfitter:codebase-recon) to identify patterns for automation.
- Ingestion points: Conversation streams, success/frustration signals, and automated codebase reconnaissance output (SKILL.md).
- Boundary markers: None identified. The instructions do not specify how to distinguish between legitimate patterns and malicious instructions embedded within the processed data.
- Capability inventory: The skill has a defined 'Implement' stage intended to create functional components (skills, agents, hooks) which often involve file writing and the generation of executable or interpreted logic.
- Sanitization: None identified. There is no requirement to escape or validate the contents of the identified patterns before they are codified into the new component's specification.
- [Dynamic Execution] (MEDIUM): The skill automates the generation of scripts and configurations ('Codify') based on natural language descriptions. This runtime generation of executable components (skills, commands, hooks) is a form of script generation that inherits the risks of the input data.
Recommendations
- AI detected serious security threats
Audit Metadata