analyze-with-file
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill reads codebase files and performs web searches via
web.runto provide research context. This is consistent with its stated purpose, and there is no evidence of automated harvesting of sensitive credentials. - [COMMAND_EXECUTION]: Shell commands are used via
functions.exec_commandfor session initialization (e.g.,git,mkdir,test) and workflow completion (e.g.,ccw issue create). These commands are static or use validated session identifiers. - [PROMPT_INJECTION]: Indirect Prompt Injection Surface detected.
- Ingestion points: Reads local codebase content in Phase 2 and accepts user-driven analysis topics (SKILL.md).
- Boundary markers: Utilizes structured Markdown sections and JSON artifacts to separate data, though it does not explicitly instruct the model to ignore instructions found within analyzed files.
- Capability inventory: Possesses file write access (
Write), network search access (web.run), and shell execution (functions.exec_command). - Sanitization: No explicit content sanitization or escaping mechanisms are described for data ingested from the codebase.
- [REMOTE_CODE_EXECUTION]: While the skill performs web research, it treats results as informational data for synthesis and does not execute remote scripts or dynamic content from the network.
Audit Metadata