agent-code-analyzer
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill repeatedly calls `npx claude-flow@alpha` in its hooks and workflow phases. This package is not from a trusted organization (e.g., Anthropics, Google, Microsoft) and is pulled from the public npm registry at runtime, which poses a supply chain risk.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The use of `npx` to fetch and execute a remote script/package at runtime without pinned versions or integrity hashes constitutes remote code execution of unverified content.
- [COMMAND_EXECUTION] (MEDIUM): The skill executes multiple shell commands to perform memory operations and task hooks. There is a potential for command injection in Phase 3 where `${results}` (the output of code analysis) is interpolated directly into a shell command line: `npx ... --value "${results}"`. If the analyzed code contains characters that break the shell string, it could lead to arbitrary command execution.
- [PROMPT_INJECTION] (LOW): The skill is highly susceptible to indirect prompt injection (Category 8).
  - Ingestion points: Code files processed during static analysis and deep analysis phases (SKILL.md).
  - Boundary markers: None present. The skill does not define delimiters or instructions to ignore embedded commands in the code being analyzed.
  - Capability inventory: Subprocess execution (`npx`), memory read/write, and notification hooks.
  - Sanitization: Absent. There is no evidence that the results of the code analysis are sanitized before being stored in memory or sent via notifications.
Audit Metadata