audit-full
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because its core function is to read and analyze untrusted source code and configuration files from external projects.
  - Ingestion points: The agent loads the entire codebase using the `Read` and `Glob` tools as part of the analysis workflow defined in `SKILL.md` and `references/report-structure.md`.
  - Boundary markers: The skill lacks specific instructions or structural delimiters to prevent the agent from following malicious instructions that might be embedded within the audited files (e.g., comments or documentation designed to subvert the agent's logic).
  - Capability inventory: The agent has significant capabilities, including the `Bash` tool, `Grep`, `TaskCreate`, and `Read` across the filesystem.
  - Sanitization: No sanitization or content filtering is performed on the ingested code before analysis.
- [COMMAND_EXECUTION]: The skill executes a local shell script (`scripts/estimate-tokens.sh`) using the `Bash` tool to calculate codebase metrics. While the script is part of the skill, its execution relies on project paths, which requires the agent to handle directory names safely to avoid command injection.
- [EXTERNAL_DOWNLOADS]: The documentation (`references/dependency-audit-guide.md`) directs the agent to utilize standard security tools like `npm audit`, `pip-audit`, and `govulncheck`. These are well-known industry standards used for their intended security-auditing purposes.
Audit Metadata