dash-audit
Warn
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The workflow involves executing a local binary at '/home/bjorn/.codex/skill-support/bin/ui-audit-preflight'. Although the path aligns with the author's name, execution of external binaries relies on environment security.
- [COMMAND_EXECUTION]: The skill instructs the agent to 'verify the affected path with repo-native commands'. This allows the execution of arbitrary scripts defined within the repository under audit. If the repository is malicious, this capability could be exploited to run harmful code.
- [PROMPT_INJECTION]: The skill reads 'AGENTS.md' and other repository files, providing a vector for indirect prompt injection where malicious instructions in the audited code could influence agent behavior.
- Ingestion points: 'AGENTS.md' and source code files mentioned in SKILL.md.
- Boundary markers: Not present.
- Capability inventory: Execution of 'ui-audit-preflight' and repository-defined commands.
- Sanitization: No sanitization or validation of repository content is mentioned.
Audit Metadata