cook-auto
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local utility at `.claude/scripts/code_graph` to analyze codebase structure and trace dependencies.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks due to its data ingestion surfaces.
  1. Ingestion points: The skill reads untrusted data from the `$ARGUMENTS` variable and from project files that may contain injected content.
  2. Boundary markers: The `<tasks>` tag is used to delimit task-specific arguments.
  3. Capability inventory: The skill can execute local scripts, perform file system operations, and trigger internal agent slash commands like `/plan` and `/code`.
  4. Sanitization: While it lacks traditional input filtering, it defines strict Red Flag Stop Conditions that halt execution and require user intervention when security-sensitive code (e.g., auth, crypto, PII) is encountered.
- [SAFE]: The skill implements rigorous operational guardrails, including confidence-based stopping (below 60%), blast-radius limits (20 files), and mandatory evidence-based pattern matching before modifications are allowed.