ultraqa
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to execute repo-native commands for testing, build, and linting processes found within the project's configuration files (e.g.,package.json,Makefile). - [COMMAND_EXECUTION]: The skill modifies project files using the
Writetool to apply diagnostic-based fixes. - [PROMPT_INJECTION]: The skill has an indirect prompt injection attack surface:
- Ingestion points: Reads repository configuration files, documentation, and verification command outputs from the local environment.
- Boundary markers: Lacks explicit delimiters to differentiate between trusted instructions and untrusted data from repository content.
- Capability inventory: Uses
Read,Write, andBashtools to execute commands and modify the file system. - Sanitization: No validation or sanitization is performed on repo-native commands or fix content before execution or writing.
Audit Metadata