fallow
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a standard development utility providing static analysis and codebase maintenance functionality.\n- [EXTERNAL_DOWNLOADS]: Documentation instructs the user to install the 'fallow' CLI via official and well-known package registries (npm, cargo).\n- [COMMAND_EXECUTION]: The agent is tasked with executing 'fallow' CLI commands and standard development tools (git, npm) to perform codebase audits and apply code fixes.\n- [DATA_EXFILTRATION]: The skill includes functionality for uploading project inventory, source maps, and runtime coverage data to the vendor's official cloud service (api.fallow.cloud), consistent with its documented monitoring features.\n- [PROMPT_INJECTION]: Rule 8 in the agent instructions serves as a critical security guard, directing the agent to treat project configurations as untrusted input and explicitly disregard any instructions embedded within remote configuration files.\n- [PROMPT_INJECTION]: Indirect Prompt Injection Surface Evaluation:\n
- Ingestion points: Local project configuration files (e.g., .fallowrc.json) and codebase source files (JS/TS).\n
- Boundary markers: The agent is instructed to use structured JSON output (--format json) and explicit flags to maintain data/instruction boundaries.\n
- Capability inventory: Modification of local source files (via 'fix' command) and shell command execution.\n
- Sanitization: Mandatory instructions (Rule 8) require the agent to ignore natural language instructions found in configurations and treat them purely as data.
Audit Metadata