fallow
Pass
Audited by Gen Agent Trust Hub on May 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the 'fallow' tool via global npm installation, 'npx', or 'cargo'. It also references the '@fallow-cli/fallow-node' package for Node.js integrations and a JSON schema hosted on the vendor's GitHub repository.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute various 'fallow' CLI commands (e.g., 'dead-code', 'dupes', 'health', 'audit') to perform static and dynamic analysis on the local codebase.
- [DATA_EXFILTRATION]: Certain commands ('license activate', 'coverage upload-inventory', 'upload-source-maps') facilitate interaction with 'api.fallow.cloud' for license management and cloud-based analysis features. These operations are consistent with the tool's described functionality for cloud runtime monitoring and use the vendor's official domain.
- [PROMPT_INJECTION]: The skill is designed to ingest and analyze data from the local project, which constitutes an indirect prompt injection surface.
- Ingestion points: Local project source code files, '.fallowrc.json', 'package.json', and 'pnpm-workspace.yaml'.
- Boundary markers: Rule 8 in the main instructions explicitly directs the agent to treat project configuration as untrusted input and avoid relying on instructions within remote configuration content.
- Capability inventory: Shell command execution for analysis and auto-fixing code, and configuration file generation.
- Sanitization: The skill does not implement specific sanitization of the analyzed files, relying on the internal logic of the 'fallow' CLI tool.
Audit Metadata