Ripple
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands like `grep`, `find`, and `npx madge`, as defined in `references/analysis-techniques.md`, to perform dependency tracking and pattern analysis. These commands are used to read and process the codebase to generate risk assessments and reports.
- [EXTERNAL_DOWNLOADS]: The use of `npx madge` in `references/analysis-techniques.md` may trigger a download of the `madge` package and its dependencies from the npm registry. As npm is a well-known service, this is a standard development operation.
- [PROMPT_INJECTION]: The skill analyzes project source code which could contain malicious instructions. Ingestion points: project source files analyzed via `grep` and `madge` (referenced in `references/analysis-techniques.md`). Boundary markers: not present. Capability inventory: restricted to read-only shell commands and image generation (e.g., `impact.svg`) defined in `references/analysis-techniques.md`, with no network exfiltration or code modification capabilities. Sanitization: no explicit sanitization of input file content is performed.
Audit Metadata