mega-code-run
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes Python modules using `uv run` from a directory path resolved from `~/.local/share/mega-code/plugin-root`. These commands are used for authentication checks, running the extraction pipeline, and reviewing results.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests and processes Claude Code session data to generate reusable skills.
  - Ingestion points: Claude Code sessions identified via project or session ID in SKILL.md.
  - Boundary markers: No explicit boundary markers or 'ignore' instructions are provided in the markdown; management is deferred to the mega_code Python client.
  - Capability inventory: The skill utilizes Bash, Write, and Edit tools as defined in SKILL.md, which could be exploited if the pipeline output is influenced by malicious content in the sessions.
  - Sanitization: Sanitization and validation are handled internally by the mega_code client modules and are not visible in the skill definition.