mimir
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill automatically detects the project stack and executes corresponding build and test commands, including npm run build, npm test, pytest, and cargo test. These operations involve executing shell scripts defined within the repository's configuration files (e.g., package.json), which is a standard but functional risk in auditing tools.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) by ingesting and processing untrusted source code and configuration files. Mandatory Evidence Chain:
  1. Ingestion points: Reads directory structures, source files (*.ts, *.tsx, *.py, etc.), and configuration files (package.json, requirements.txt, Cargo.toml).
  2. Boundary markers: No specific delimiters or instructions to ignore embedded commands are present.
  3. Capability inventory: Includes the ability to execute shell commands and write audit reports to the filesystem (.wardstones/mimir-last.json).
  4. Sanitization: The skill does not perform sanitization or escaping of external content before analysis.
Audit Metadata