systematic-qa
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill's core functionality involves identifying and running arbitrary shell commands extracted from local project files (e.g.,
Makefile,package.json,Cargo.toml). This allows the agent to execute any script defined by the repository's author. - [INDIRECT_PROMPT_INJECTION]: The skill is susceptible to malicious instructions embedded within the codebase it analyzes.
- Ingestion points:
scripts/discover-project-contract.pyparsesMakefile,Justfile,package.json,go.mod,Cargo.toml, andpyproject.toml. - Boundary markers: Not present. There are no instructions to verify or restrict the types of commands discovered from these files.
- Capability inventory: The skill is authorized to perform package installations (Step 3.1), run verification gates (Step 3.2), modify source code (Step 5.4), and execute user-defined scenarios (Step 4).
- Sanitization: Not present. Commands are retrieved and executed without validation against a whitelist or security policy.
- [EXTERNAL_DOWNLOADS]: The skill performs runtime installation of dependencies using ecosystem-standard tools (npm, pip, poetry, etc.), which involves fetching and executing code from external package registries.
Audit Metadata