dependency
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted local data from the filesystem (code files, documentation, and feature plans) while maintaining access to sensitive tools, creating a surface for indirect prompt injection.
- Ingestion points: The agent is instructed to read various local project files, feature/PBI/plan files, and documentation.
- Boundary markers: There are no explicit delimiters or instructions to ignore commands that may be embedded within the ingested files.
- Capability inventory: The skill is authorized to use Read, Write, Grep, Glob, Bash, and Edit tools.
- Sanitization: There is no evidence of validation or sanitization of external content before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill utilizes a project-local Python script ('.claude/scripts/code_graph') via the Bash tool to perform automated graph analysis and dependency tracing on the codebase.
Audit Metadata