extract-requirements
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill's primary purpose is to ingest and analyze untrusted data from legacy codebases, creating a surface for indirect prompt injection.
- Ingestion points: Reads all files within the user-specified directory via `codecompass batch:index <path>` and `codecompass requirements:extract`.
- Boundary markers: Absent; the workflow does not specify delimiters or instructions to ignore embedded commands within the code being analyzed.
- Capability inventory: The skill possesses the capability to execute shell commands and write files to the local system.
- Sanitization: There is no evidence of sanitization or filtering to prevent the agent from obeying instructions hidden in code comments or string literals.
- [Command Execution] (MEDIUM): The skill requires the execution of a specialized CLI tool (`codecompass`) that is not part of standard system utilities or a verified package from a trusted organization. This introduces risk if the binary has been tampered with or is malicious.
- [Metadata Poisoning] (LOW): Automated scans flagged `requirements.md` as a malicious URL. This appears to be a false positive where a standard markdown output filename was misinterpreted as a blacklisted URL string, though it highlights the potential for deceptive naming in tool outputs.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE