code-audit
Warn
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions in `SKILL.md` direct the agent to detect the host operating system and use package managers such as `apt`, `brew`, `pip`, and `npm` to install missing dependencies. It explicitly recommends the use of `sudo` for Linux distributions (apt/dnf) to perform these installations.
- [REMOTE_CODE_EXECUTION]: The `scripts/tools/runner.mjs` script utilizes `execFile` to run external audit tools. While the skill provides a registry of known tools in `scripts/tools/registry.mjs`, the instructions in `SKILL.md` empower the agent to select and install 'any tool that would be particularly useful' for the detected ecosystem, creating a vector for the execution of untrusted software.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8).
  - Ingestion points: The `scripts/utils/fs-walk.mjs` and `scripts/utils/line-reader.mjs` modules recursively read content from the user's codebase.
  - Boundary markers: Absent. No specific delimiters or instructions are used to separate raw code content from agent instructions in the reporting phase.
  - Capability inventory: The tool has file-write capabilities via `scripts/audit.mjs` (writing to `CODE_AUDIT_REPORT.md`) and shell execution via `scripts/tools/runner.mjs`.
  - Sanitization: Absent. Extracted code snippets from the audited files are included directly in the markdown report without sanitization, which could lead to malicious content being presented as authoritative audit findings.
Audit Metadata