codebase-analysis
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Bash to execute local Python scripts that perform the analysis. These scripts accept user-provided task descriptions and session IDs as command-line arguments. While the Python implementation uses the safe `subprocess.run` method with argument lists to avoid shell injection, the initial invocation in `SKILL.md` relies on environment variable substitution which depends on platform-level sanitization.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core function is to read and summarize content from the repository's source code files.
  - Ingestion points: The scripts `analyze.py` and `analyze_codebase.py` recursively scan and read the contents of source files across the entire repository to calculate similarity and extract patterns.
  - Boundary markers: The output report does not include explicit boundary markers or instructions to the agent to ignore potentially malicious commands embedded within the code comments or documentation it summarizes.
  - Capability inventory: The agent invoking this skill has access to the `Bash` and `Read` tools, providing a path for executing instructions if it is tricked into following a malicious pattern extracted from the codebase.
  - Sanitization: The skill extracts keywords and function signatures using regular expressions but does not sanitize the text for prompt injection patterns before presenting implementation suggestions to the agent.
Audit Metadata