skills/marcioaltoe/skills/qa-quick/Gen Agent Trust Hub

qa-quick

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill's core functionality involves identifying and executing shell commands found in the repository's configuration files (e.g., Makefile, package.json). This allows for the execution of arbitrary code defined in the target repository.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It parses untrusted configuration data from the repository being audited to generate execution plans for the agent.
      • Ingestion points: scripts/discover-project-contract.py reads Makefile, package.json, go.mod, Cargo.toml, and pyproject.toml.
      • Boundary markers: Absent. There are no delimiters or instructions to ignore embedded instructions in the audited files.
      • Capability inventory: The skill leverages terminal access to run installs, builds, tests, and start services as defined in SKILL.md.
      • Sanitization: Absent. Discovered commands are executed without validation or sanitization.
  • [EXTERNAL_DOWNLOADS]: The skill directs the agent to perform dependency installations (e.g., npm install, pip install, cargo fetch), which involve downloading code from remote package registries based on the audited repository's configuration.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 17, 2026, 02:08 PM