code-reading
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted codebases, which creates a surface for indirect prompt injection attacks.
  - Ingestion points: The agent is instructed to read source files from the target codebase (e.g., `.py`, `.js`, `.go` files) using search tools or manual inspection.
  - Boundary markers: No specific delimiters or instructions are provided to the agent to treat the code content as untrusted or to ignore instructions embedded within comments or strings in that code.
  - Capability inventory: The skill suggests running local test suites (`pytest`, `npm test`, `go test`), which executes code from the target codebase. If the codebase is malicious, this could lead to unintended command execution.
  - Sanitization: No validation or sanitization is performed on the ingested code before analysis or execution.
- [COMMAND_EXECUTION]: The skill encourages the use of shell commands and automated tools to analyze the codebase.
  - The protocol includes `grep` commands for searching entry points and error paths, and instructs the agent to run existing tests using common runners. While these are legitimate developer tools, they involve executing code within the user's environment.
Audit Metadata