Skills
skills/terrylica/cc-skills/code-clone-assistant/Gen Agent Trust Hub

code-clone-assistant

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute pmd cpd and semgrep. These are standard command-line utilities for code analysis and are used according to the skill's stated purpose.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It ingests untrusted data from the local codebase being scanned and has the capability to modify files through the Edit and Write tools. Malicious instructions hidden in comments within the scanned files could potentially influence the agent's refactoring logic.
  • Ingestion points: Reads files from the current project directory using the Read and Grep tools (Workflow described in complete-workflow.md).
  • Boundary markers: Absent. The workflow does not specify delimiters or instructions for the agent to ignore embedded commands within the scanned files.
  • Capability inventory: The skill is authorized to use Bash, Edit, and Write tools, which allow for code modification and system command execution.
  • Sanitization: Absent. There is no evidence of filtering or validation of the content read from external source files before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 4, 2026, 09:51 AM