phase-8-review

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Task tool to execute shell commands like grep for pattern matching and duplicate code detection within the source directory. These commands are statically defined and intended for code analysis.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content from the local codebase (src/, docs/, etc.). A malicious file within the scanned project could contain instructions designed to influence the agent's behavior during the review process.
    • Ingestion points: Files within the project directory accessed via Read, Glob, Grep, and LSP tools.
    • Boundary markers: None; there are no instructions provided to clearly distinguish between the agent's operating instructions and the code being analyzed.
    • Capability inventory: The agent has access to Task (shell execution), Read, Glob, Grep, and LSP tools.
    • Sanitization: No explicit sanitization or validation of the ingested code content is performed before it is analyzed.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 16, 2026, 11:53 AM