cook-auto-parallel
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local Python script at '.claude/scripts/code_graph' to perform dependency tracing and code analysis. This subprocess execution is part of the tool's intended functionality for analyzing the project structure but involves executing code from the workspace.
- [PROMPT_INJECTION]: The skill processes untrusted external data such as project documentation, test specifications, and research reports. This ingestion creates a surface for indirect prompt injection. The skill mitigates this risk by implementing 'Red Flag Stop Conditions' that mandate user intervention for security-sensitive code, breaking changes, or low-confidence decisions.
Audit Metadata