sast-detekt
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- Command Execution (HIGH): The skill instructions include running ./gradlew detekt. The Gradle wrapper is a script located within the target repository; executing it on untrusted code allows that code to run with the agent's privileges.
- Indirect Prompt Injection (HIGH):
  - Ingestion points: Processes Kotlin source code through detekt and reads the resulting detekt-results.json file (SKILL.md).
  - Boundary markers: Absent. There are no instructions to the agent to treat the JSON report content as untrusted data or use delimiters.
  - Capability inventory: Includes shell command execution via detekt and ./gradlew (SKILL.md).
  - Sanitization: Absent. The agent is instructed to 'Parse the results' and 'Summarize', which involves direct interaction with tool output that could be manipulated by an attacker providing a malicious codebase.
- External Downloads (LOW): Execution of Gradle typically involves downloading the Gradle distribution and various dependencies from external repositories, which is standard behavior but should be noted when running in restricted environments.
Recommendations
- AI detected serious security threats