code-audit-readonly
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by sequentially reading all files in a repository and processing them without user confirmation or explicit boundary markers.
  - Ingestion points: all repository files (SKILL.md).
  - Boundary markers: absent (the skill lacks instructions to ignore embedded instructions in the audited data).
  - Capability inventory: file-write for 'improvements.md' and shell execution for auxiliary checks and tests.
  - Sanitization: absent.
- [COMMAND_EXECUTION]: The skill permits running auxiliary checks and repository tests in read-only mode. Executing arbitrary code found in an untrusted repository (such as test scripts) can lead to command execution on the agent's host environment.
Audit Metadata