code-implementation
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various project-specific shell commands for testing (e.g., npm test, pytest) and linting (e.g., eslint, ruff) based on local project files. Evidence found in SKILL.md (Step 4, 5, 6).
- [EXTERNAL_DOWNLOADS]: The skill recommends installing established packages like @opennextjs/cloudflare for project integration. This targets a well-known service ecosystem.
- [DATA_EXFILTRATION]: Performs git push operations to update remote repositories with implemented code. It includes best-practice advice to avoid staging untracked files or secrets using 'git add ' in SKILL.md (Step 7).
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes data from external, potentially attacker-controlled sources.
  - Ingestion points: SKILL.md (Step 1) reads task descriptions, issue bodies, and PR comments.
  - Boundary markers: Absent; the skill does not define clear delimiters for untrusted content.
  - Capability inventory: The skill possesses the ability to execute shell commands (Step 4, 5) and perform network operations via git push (Step 7) in SKILL.md.
  - Sanitization: No explicit input validation or sanitization routines are defined.
Audit Metadata