codebase-audit

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several powerful CLI commands to perform its auditing and fixing workflow.
    Evidence:
      • find is utilized in references/review-strategy.md to identify source files for review.
      • git is used extensively in references/worktree-fix.md for branch management, worktree operations, and pushing code changes (including the use of --force on specific remotes).
      • npm commands (npm install, npm ci, npm run build, npm run test) are used throughout the fix and verification phases in references/worktree-fix.md and references/dependency-audit.md.
      • gh (GitHub CLI) is employed in references/issue-workflow.md and references/dependency-audit.md to manage issues, pull requests, and Dependabot alerts via API calls.
  • [DATA_EXFILTRATION]: The skill accesses local source code and environment data, then transmits it to external platforms.
    Evidence:
      • Vulnerability findings, which may contain sensitive code snippets or architecture details, are posted to GitHub as issues and Pull Request descriptions using the gh tool.
      • Code modifications and fixes are pushed to remote repositories named github and cnb in references/worktree-fix.md. Given the skill is authored by TencentCloudBase, the cnb remote is recognized as a legitimate vendor-owned resource.
  • [PROMPT_INJECTION]: The skill has an inherent surface for indirect prompt injection due to its core function of auditing untrusted code.
      • Ingestion points: The skill reads and processes all source files within the target directory (e.g., mcp/src/) using code-explorer and find, as specified in references/review-strategy.md.
      • Boundary markers: Absent; the instructions do not require the use of delimiters or specific safety markers to differentiate audited code from agent instructions.
      • Capability inventory: The skill possesses high-privilege capabilities including the ability to execute shell scripts (via npm and git), modify the file system, and interact with the GitHub API.
      • Sanitization: Absent; there is no stated procedure for sanitizing, validating, or escaping content from the audited codebase before it is ingested by the agent or reported in issues.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 5, 2026, 06:57 AM