codebase-analysis
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection surface via untrusted codebase ingestion.
- Ingestion points: The skill is designed to read and process arbitrary files within a user's repository during the 'Exploration' and 'Deep Analysis' phases (README.md, SKILL.md).
- Boundary markers: Absent. The instructions do not define delimiters or provide warnings to the agent to disregard instructions embedded within the analyzed code or documentation.
- Capability inventory: High. The skill uses Python scripts to orchestrate subagents and perform systematic investigation across the filesystem, which could be exploited to execute instructions found in the codebase.
- Sanitization: Absent. Content from the codebase is directly processed and synthesized into prioritized recommendations, allowing malicious instructions to influence the agent's planning phase.
- [COMMAND_EXECUTION] (MEDIUM): Mandatory immediate execution of local Python modules.
- Evidence: SKILL.md invokes
python3 -m skills.codebase_analysis.analyze --step 1immediately upon activation. - Context: Both SKILL.md and CLAUDE.md explicitly instruct the agent to 'IMMEDIATELY invoke the script' and 'do NOT explore first'. This directive is a suspicious pattern that attempts to bypass the agent's ability to audit the script logic or the target codebase for safety before the tool is used.
Recommendations
- AI detected serious security threats
Audit Metadata