code-quality
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands (`git diff`, `ruff check`, `uv run mypy`, and `pytest`) to perform its core functions. This creates a potential command injection surface if a malicious actor creates files with names containing shell metacharacters (e.g., `; rm -rf / ;.py`), which might be executed if the agent's shell tool does not adequately sanitize inputs.
- [PROMPT_INJECTION]: The skill reads and processes local source code, passing it to external tools and a sub-agent (`code-simplifier:code-simplifier`). This allows for indirect prompt injection, where malicious instructions embedded in code comments or string literals within the analyzed files could attempt to manipulate the agent's logic or the sub-agent's output.
  - Ingestion points: Local Python files identified in the `synapse/` or `tests/` directories via `git diff` or directory scanning.
  - Boundary markers: None. The skill does not specify the use of delimiters or 'ignore instructions' markers when passing code content to tools or sub-agents.
  - Capability inventory: Executes shell commands and invokes sub-agents based on file content.
  - Sanitization: The skill only filters for the `.py` file extension and does not sanitize or validate the content of the files before processing.
Audit Metadata