code-investigate

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection by ingesting and processing untrusted data from the codebase being analyzed.
  • Ingestion points: The skill uses Read, Grep, and Glob tools to search and read content from the local project files (e.g., in SKILL.md Phases 1 and 2).
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent or the Codex tool to ignore potential instructions embedded within the codebase content (e.g., malicious markdown comments or code comments).
  • Capability inventory: The skill possesses the capability to invoke the mcp__codex__codex tool with approval-policy: 'never', which allows the sub-agent to execute shell commands (likely for exploration) without user intervention. It also has access to Bash restricted to git operations.
  • Sanitization: No sanitization, escaping, or validation of the code content is performed before it is interpolated into prompts or used to influence the investigation logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 27, 2026, 01:12 AM