investigation (skill: talmolab/sleap/investigation)

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (LOW): The skill uses shell commands like mkdir with subshell execution ($(...)) to create dated directories. This is a functional requirement for scaffolding but represents a capability for shell interaction.
  • EXTERNAL_DOWNLOADS (LOW): The skill recommends cloning external repositories for API review and using npx to run the serve package. These operations involve downloading and interacting with external content.
  • PROMPT_INJECTION (LOW): Category 8 (Indirect Prompt Injection) risk is present due to the ingestion of untrusted external source code.
    1. Ingestion points: External repositories are cloned to scratch/repos/ for analysis.
    2. Boundary markers: Absent; there are no instructions provided to the agent to treat external code comments or documentation as untrusted data.
    3. Capability inventory: The skill allows for file writing, Python execution via uv, and starting local web servers via npx.
    4. Sanitization: No sanitization or validation is applied to the content of cloned repositories before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 19, 2026, 01:22 PM