sync
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs local environment analysis using standard system utilities to gather project metadata.
  - Executes `grep` to scan for code patterns such as `@SaCheckPermission`, package names, and `TODO` tags in the `ruoyi-modules/` directory.
  - Executes `git log` to extract commit summaries, hashes, and dates for activity reporting.
  - Uses `glob` patterns to verify the existence and structure of controller files.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection as it processes file content from the local environment.
  - Ingestion points: Content is ingested from `.java` files and Git history through the output of `grep` and `git` commands.
  - Boundary markers: The skill does not explicitly instruct the agent to use delimiters or ignore embedded instructions within the source code being scanned.
  - Capability inventory: Capabilities are restricted to read-only command execution and markdown report generation; no network or file-write operations are defined.
  - Sanitization: No explicit sanitization or validation of the scanned file content is performed before the agent summarizes the data.
Audit Metadata