license-scan-scancode
Warn
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill executes the
scancodeCLI tool via shell commands, interpolating a<target-path>placeholder directly into the execution string. This pattern is vulnerable to command injection if the agent fails to sanitize the input path. - EXTERNAL_DOWNLOADS (LOW): The skill directs the user to install
scancode-toolkitviapip. While this is a well-known and reputable compliance tool, it constitutes an external dependency. - PROMPT_INJECTION (MEDIUM): The skill is vulnerable to indirect prompt injection (Category 8) due to its core functionality. Ingestion points: It reads and processes all files within the directory path provided by the user. Boundary markers: None; the agent processes raw output from the tool without delimiters separating instructions from untrusted data. Capability inventory: The skill has command execution capability (
scancodevia subprocess) and local file-writing capabilities. Sanitization: There is no evidence of sanitization of the scanner's output before it is summarized by the agent. A maliciously crafted license or file header could contain instructions designed to bias the summary or trick the agent into misreporting compliance status.
Audit Metadata