qodo-get-relevant-rules
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses the user's home directory to read `~/.qodo/config.json` for an API key and configuration settings. These credentials are transmitted via the `Authorization` header to the official Qodo API (`qodo-platform.qodo.ai`) to authenticate rule search requests.
- [PROMPT_INJECTION]: The skill implements a feature where rules fetched from an external API are incorporated into the agent's context to guide code generation. This creates a surface for indirect prompt injection (tool output poisoning), although the risk is mitigated by the use of a trusted vendor API.
- [COMMAND_EXECUTION]: The skill performs shell operations using `Bash` to verify the git repository status (`git rev-parse`) and generate unique request identifiers using a Python one-liner (`python3 -c`). These commands are standard for the skill's operational logic.
Audit Metadata