find-duplication
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several shell commands to analyze the codebase, including git diff, uv run pylint, and rg (ripgrep). These are standard development tools used as intended for code analysis within the local environment.
- [PROMPT_INJECTION]: The skill processes content from the local ols/ directory, which creates an attack surface for indirect prompt injection. Malicious instructions embedded in the analyzed source code could attempt to influence the agent's reporting or subsequent behavior.
  - Ingestion points: Local Python files in the ols/ directory accessed during duplication detection.
  - Boundary markers: No explicit delimiters are used to separate the analyzed code content from the agent's processing instructions.
  - Capability inventory: The agent has the capability to execute shell commands (git, pylint, rg) and read file contents.
  - Sanitization: The skill does not perform sanitization or validation of the file contents before they are reviewed by the agent.
Audit Metadata