shannon
Warn
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill uses 'npx @keygraph/shannon@beta' to fetch and execute logic from the npm registry at runtime. This allows for the execution of code that is not present in the skill's source and can change independently.
- [EXTERNAL_DOWNLOADS]: The skill pulls Docker worker images from Docker Hub to perform scanning tasks. While Docker Hub is a common service, the worker logic is maintained by an external third-party entity (@keygraph).
- [COMMAND_EXECUTION]: The skill executes shell commands to initiate setup and scanning. The 'setup' command opens an interactive TUI designed to collect and configure sensitive AI provider credentials for services like Claude, AWS Bedrock, and Google Vertex AI.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes data from untrusted repositories and web applications. * Ingestion points: App URLs and repository paths (referenced in SKILL.md). * Boundary markers: No explicit delimiters or 'ignore embedded instructions' warnings are documented for the scanning process. * Capability inventory: The skill has network access, file system read access, and the ability to run Docker containers (references/shannon-cli.md). * Sanitization: No sanitization or validation of the processed repository content is specified.
Audit Metadata