mega-code-status

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands and vendor-specific CLI tools using uv run to verify authentication and retrieve pipeline status information.
  • [DATA_EXFILTRATION]: Accesses the local file system at ~/.local/share/mega-code/ to read configuration paths and metadata about pending items. This access is restricted to the skill's own operational data.
  • [PROMPT_INJECTION]: The skill ingests untrusted data by reading and displaying descriptions from markdown files located in pending-skills and pending-strategies directories.
      • Ingestion points: Reads description: fields from SKILL.md and titles from various .md files in ~/.local/share/mega-code/data/.
      • Boundary markers: None identified.
      • Capability inventory: Uses Bash and Read permissions to list and parse file contents.
      • Sanitization: Employs head -c 60 to truncate the displayed metadata, which provides a minor degree of mitigation against large-scale injection payloads.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 20, 2026, 02:30 AM