sage
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's primary entry point (
run_skill.js) facilitates the execution of internal verification tools usingchild_process.spawn. Additionally,tools/verify-change/scripts/change_analyzer.jsexecutes the systemgitcommand to analyze the repository state. These operations are restricted to local scripts and standard development tools required for the skill's auditing functions. - [PROMPT_INJECTION]: Several tools within the skill, such as
security_scanner.js,doc_generator.js, andmodule_scanner.js, read and process local files (source code and documentation). This establishes a surface for indirect prompt injection, as malicious instructions within audited files could be returned to the agent and potentially influence its subsequent reasoning. This risk is inherent to any tool designed to analyze external content.
Audit Metadata