external-gitcode-ascend-megatron-impact-mapper

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests migration event data from an external JSON file and uses it to construct the final impact report, which could influence subsequent agent reasoning.
      1. Ingestion points: The map_implementation_targets.py script reads data from a user-specified file via the --events argument.
      2. Boundary markers: Absent; the report output does not employ specific delimiters or instruction-ignore warnings to encapsulate untrusted data.
      3. Capability inventory: The skill can execute git and ripgrep commands to manage local repositories and search files.
      4. Sanitization: Natural language fields from the input are incorporated into the report without explicit escaping or validation.
  • [COMMAND_EXECUTION]: The scripts map_implementation_targets.py and scan_mindspeed_paths.py use subprocess.run to execute git for repository management and ripgrep (rg) for code searching. These calls use list-based arguments for their intended functional purposes and are necessary for the skill's mapping logic.
  • [EXTERNAL_DOWNLOADS]: The skill synchronizes source code from the official MindSpeed repository on GitCode using git clone. This operation targets vendor infrastructure and is essential for branch alignment and impact analysis.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 18, 2026, 03:04 AM