graph-build

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Runs a local script .claude/scripts/code_graph to parse the project and store results in a local SQLite database.
  • [EXTERNAL_DOWNLOADS]: Recommends standard open-source dependencies (tree-sitter, tree-sitter-language-pack, networkx) from the official PyPI registry for syntax analysis.
  • [PROMPT_INJECTION]: As a code intelligence tool, it parses untrusted repository content. While this creates a surface for indirect prompt injection, it is the primary intended function of the skill.
  • Ingestion points: Local codebase files processed by Tree-sitter.
  • Boundary markers: Not specified in the markdown.
  • Capability inventory: Bash, Read, AskUserQuestion.
  • Sanitization: Not specified in the markdown.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 10, 2026, 07:25 AM
Security Audit — agent-trust-hub — graph-build