graphicode-dev-assembler
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to read and write files within the project directory.
  - Evidence: SKILL.md instructs the agent to use cat to read README.yaml and echo to write generated code to index.ts (or other language-specific files).
  - Risk: Interpolating user-provided variables such as <flowDir> and <flowId> into shell commands creates a path traversal surface if the agent does not validate that the resulting paths stay within the intended workspace.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) through its ingestion of untrusted project data.
  - Ingestion points: The agent reads README.yaml and graphig.md from the local filesystem.
  - Boundary markers: There are no instructions telling the agent to delimit the ingested data or to disregard instructions embedded within it.
  - Capability inventory: The skill can read arbitrary files and write executable code to disk via shell commands.
  - Sanitization: No sanitization or schema validation is applied to the YAML content.
  - Risk: A maliciously crafted flow definition could steer the code generation logic, causing the agent to emit backdoored code or perform unauthorized file operations during assembly.
- [DATA_EXFILTRATION]: The skill's file-reading capability is a potential data exposure risk.
  - Evidence: The cat command reads files at paths built from user-supplied identifiers.
  - Risk: If those paths are manipulated (e.g., via path traversal), the agent could be tricked into reading and exposing sensitive files such as credentials or environment files located outside the project directory.
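A containment check for the <flowDir> and <flowId> values flagged under COMMAND_EXECUTION and DATA_EXFILTRATION above, as an added example; it is not code from the skill or from this audit. It assumes a hypothetical layout of <workspace>/<flowDir>/<flowId>/README.yaml with generated code written to index.ts beside it, a hypothetical identifier pattern for <flowId>, and hypothetical helper names (resolveFlowPaths, catArgv, FLOW_ID_PATTERN).

```typescript
import * as path from "node:path";

// Assumed (hypothetical) layout: <workspace>/<flowDir>/<flowId>/README.yaml,
// with generated code written to <workspace>/<flowDir>/<flowId>/index.ts.
// Assumed (hypothetical) rule for flow identifiers: one path component of
// plain characters, so a flowId can never carry "/", "\" or "..".
const FLOW_ID_PATTERN = /^[A-Za-z0-9][A-Za-z0-9_-]{0,63}$/;

type FlowPaths =
  | { ok: true; readmePath: string; outputPath: string }
  | { ok: false; reason: string };

// True when `candidate` lies strictly below `root` after normalisation.
// path.relative() yields "" for the root itself, ".." or "../x" for an
// escape, and an absolute path when the two are on different Windows drives.
function isStrictlyInside(root: string, candidate: string): boolean {
  const rel = path.relative(root, candidate);
  if (rel === "" || path.isAbsolute(rel)) return false;
  return rel !== ".." && !rel.startsWith(".." + path.sep);
}

// Resolve the README to read and the file to write, refusing any
// flowDir/flowId combination that would leave the workspace.
function resolveFlowPaths(
  workspaceRoot: string,
  flowDir: string,
  flowId: string,
  outputFile = "index.ts",
): FlowPaths {
  const root = path.resolve(workspaceRoot);
  if (flowDir.includes("\0") || flowId.includes("\0")) {
    return { ok: false, reason: "NUL byte in path component" };
  }
  if (!FLOW_ID_PATTERN.test(flowId)) {
    return { ok: false, reason: `flowId ${JSON.stringify(flowId)} is not a plain identifier` };
  }
  if (path.isAbsolute(flowDir)) {
    return { ok: false, reason: "flowDir must be relative to the workspace" };
  }
  if (path.basename(outputFile) !== outputFile) {
    return { ok: false, reason: "outputFile must be a bare file name" };
  }
  const flowRoot = path.resolve(root, flowDir, flowId);
  if (!isStrictlyInside(root, flowRoot)) {
    return { ok: false, reason: `${flowDir}/${flowId} resolves outside the workspace` };
  }
  return {
    ok: true,
    readmePath: path.join(flowRoot, "README.yaml"),
    outputPath: path.join(flowRoot, outputFile),
  };
}

// Build an argv for child_process.execFile instead of a shell string, so the
// validated path is never re-parsed by a shell; "--" stops a path that
// begins with "-" from being read by cat as an option.
function catArgv(filePath: string): string[] {
  return ["cat", "--", filePath];
}
```

The check is purely lexical: a symlink inside the workspace can still point outside it, so resolve the final path with fs.realpathSync and re-run isStrictlyInside before reading or writing. Passing the result to execFile as an argv array, rather than interpolating it into a `cat ... | echo ...` string, closes the shell-reparsing half of the COMMAND_EXECUTION finding as well.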
Audit Metadata