fallow

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a standard development utility providing static analysis and codebase maintenance functionality.\n- [EXTERNAL_DOWNLOADS]: Documentation instructs the user to install the 'fallow' CLI via official and well-known package registries (npm, cargo).\n- [COMMAND_EXECUTION]: The agent is tasked with executing 'fallow' CLI commands and standard development tools (git, npm) to perform codebase audits and apply code fixes.\n- [DATA_EXFILTRATION]: The skill includes functionality for uploading project inventory, source maps, and runtime coverage data to the vendor's official cloud service (api.fallow.cloud), consistent with its documented monitoring features.\n- [PROMPT_INJECTION]: Rule 8 in the agent instructions serves as a critical security guard, directing the agent to treat project configurations as untrusted input and explicitly disregard any instructions embedded within remote configuration files.\n- [PROMPT_INJECTION]: Indirect Prompt Injection Surface Evaluation:\n
  • Ingestion points: Local project configuration files (e.g., .fallowrc.json) and codebase source files (JS/TS).\n
  • Boundary markers: The agent is instructed to use structured JSON output (--format json) and explicit flags to maintain data/instruction boundaries.\n
  • Capability inventory: Modification of local source files (via 'fix' command) and shell command execution.\n
  • Sanitization: Mandatory instructions (Rule 8) require the agent to ignore natural language instructions found in configurations and treat them purely as data.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 08:37 AM
Security Audit — agent-trust-hub — fallow