skills/trailofbits/skills/codeql/Gen Agent Trust Hub

codeql

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE COMMAND_EXECUTION EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill identifies and executes build commands (e.g., make, cmake, gradlew, mvn, cargo) and installs dependencies (via pip, npm, go mod) found in the target codebase to enable CodeQL build tracing.
  • [COMMAND_EXECUTION]: It generates diagnostic QL queries and data extension YAML models at runtime, writing them to the file system and executing them using the CodeQL CLI.
  • [EXTERNAL_DOWNLOADS]: The skill fetches official and community security query packs from GitHub (e.g., GitHubSecurityLab) and the vendor's own repositories (trailofbits) to expand scanning capabilities.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and analyzes untrusted source code from the target project without safety boundaries.
    • Ingestion points: The agent reads file content via 'fd', 'rg', and 'Read' tools while mapping API surfaces and detecting languages.
    • Boundary markers: No delimiters or instructions are provided to prevent the agent from following malicious instructions embedded in code comments.
    • Capability inventory: The skill utilizes high-privilege tools like 'Bash' and 'Write', which could be exploited by such injections.
    • Sanitization: Content from the target codebase is not sanitized or validated before being processed by the LLM.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 04:02 AM