Codebase Health Reporter
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill uses the Bash tool to execute standard Unix utilities like find, grep, wc, and git. These commands are pre-defined for metric collection and do not incorporate unsanitized user input or perform network operations.
- PROMPT_INJECTION (LOW): Indirect Prompt Injection vulnerability (Category 8). The skill ingests untrusted data from git logs and source code content (via grep) to generate a health report. Malicious instructions hidden in commit messages or code comments could influence the agent's summary and recommendations. Ingestion points: git log and source code files. Boundary markers: none. Capability: Write (to CODEBASE_HEALTH_REPORT.md) and Bash. Sanitization: none.
Audit Metadata