scan
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes grep and structural analysis routines against the local filesystem to identify code patterns. While these are used for scanning, they involve executing search operations over a user-defined scope.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it loads check definitions from an untrusted source: the
.axiom/checks.mdfile located within the project being scanned. - Ingestion points: The skill ingests raw file content from the project being scanned and specifically loads pattern definitions from
.axiom/checks.md(SKILL.md Step 2). - Boundary markers: There are no documented delimiters or 'ignore embedded instructions' warnings applied to the content loaded from the project-specific check file.
- Capability inventory: The skill possesses the capability to read any file within the resolved scope, execute grep patterns, and perform structural analysis (SKILL.md Step 4).
- Sanitization: The instructions do not describe any sanitization or validation of the grep patterns or structural checks loaded from the optional project-specific catalog, potentially allowing a malicious actor to craft patterns that exploit the pattern matching engine or influence agent behavior.
Audit Metadata