understand
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill coordinates its analysis workflow using shell commands for git operations, file system management, and environment setup.
- [EXTERNAL_DOWNLOADS]: The skill may execute pnpm install during its initialization phase to ensure its core Node.js dependencies are available within the local plugin directory.
- [REMOTE_CODE_EXECUTION]: Local execution of Python and Node.js scripts bundled with the skill is used to merge analysis results, extract code structure, and validate the knowledge graph.
- [PROMPT_INJECTION]: The skill processes untrusted codebase data such as source code and documentation which exposes it to indirect prompt injection. It employs subagents to interpret this data and uses prompt templates with code block boundaries to mitigate accidental instruction execution.
Audit Metadata