model-usage
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses bash scripts and standard Unix utilities like jq, awk, and bc to process local session logs for analytics. These commands are executed locally and are restricted to log processing.
- [DATA_EXFILTRATION]: Accesses the .codebuddy/sessions/ directory to read usage metadata for reporting. No evidence of unauthorized file access or network-based exfiltration was found.
- [PROMPT_INJECTION]: The skill ingests data from local JSON session files, representing an indirect prompt injection surface. Ingestion points: .codebuddy/sessions/*.json. Boundary markers: Structured jq parsing is used to isolate fields. Capability inventory: File read access and shell-based calculation tools (awk, bc). Sanitization: None beyond structural field extraction.
Audit Metadata