trace-artifacts
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes `npx skills ls -g --json` via `subprocess.run` in `lib/workflow_state/parity.py` to identify installed skills for parity verification.
- [EXTERNAL_DOWNLOADS]: The parity check logic utilizes `npx`, a well-known developer tool, which may fetch the `skills` package from the official npm registry if it is not present in the local cache.
- [REMOTE_CODE_EXECUTION]: In `lib/workflow_state/inventory.py`, the skill uses `importlib.util` to dynamically load and execute logic from other local scripts within the repository, such as `manage_proposals.py`. This mechanism is used to resolve cross-skill configuration.
- [PROMPT_INJECTION]: The skill processes untrusted repository artifacts, which represents a surface for indirect prompt injection.
  - Ingestion points: Reads `slice-traceability.md` and `registry.json` in `lib/workflow_state/inventory.py`.
  - Boundary markers: None present; the parser identifies structured table and JSON data directly.
  - Capability inventory: Includes command execution (`subprocess.run`) and dynamic code loading (`importlib`).
  - Sanitization: Data is parsed into structured models but not explicitly sanitized before being presented to the agent.