qodo-get-rules
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: Accesses the local configuration file
~/.qodo/config.jsonto retrieve theAPI_KEYfor authentication.\n - Evidence:
API_KEY=$(python3 -c "import json,os; c=json.load(open(os.path.expanduser('~/.qodo/config.json'))); print(c['API_KEY'])")(SKILL.md).\n- [EXTERNAL_DOWNLOADS]: Fetches coding rules from official Qodo platform API endpoints.\n - Evidence: Uses
curlto request rules fromhttps://qodo-platform.qodo.ai/rules/v1or configured environment subdomains (pagination.md).\n- [COMMAND_EXECUTION]: UsesBashto execute system utilities for repository inspection and configuration parsing.\n - Evidence: Executes
git origin,python3 -c,uuidgen, andcurl(SKILL.md, pagination.md).\n- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by incorporating externally fetched rule descriptions into the agent context.\n - Ingestion points: Rules are retrieved from the Qodo platform API (pagination.md).\n
- Boundary markers: Loaded rules are delimited by a "📋 Qodo Rules Loaded" header and a "---" footer (output-format.md).\n
- Capability inventory: The skill can execute shell commands via
Bash, includinggit,curl, andpython3(SKILL.md).\n - Sanitization: Rule descriptions fetched from the remote API are not explicitly sanitized before being rendered into the prompt context.
Audit Metadata