audit-security
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE (flags: PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted external content from the codebase being audited.
- Ingestion points: Reads from project documentation and source code via Read, Glob, and Grep tools (SKILL.md).
- Boundary markers: No delimiters or protective instructions are used when incorporating file content into the agent's context.
- Capability inventory: The skill has access to the Bash tool and file system write capabilities within the .chalk directory.
- Sanitization: Ingested codebase content is analyzed without escaping or explicit validation before processing.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to perform legitimate security tasks such as running dependency scanners (npm audit, pip-audit). While these are standard security operations, using a shell environment to process untrusted directory structures is an identified capability.
Audit Metadata