audit-artifacts
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `subprocess.run` in `lib/workflow_state/parity.py` to call `npx skills ls -g --json` for discovering installed utilities. This execution depends on the local shell environment and the availability of Node.js.
- [REMOTE_CODE_EXECUTION]: The use of `npx` in `lib/workflow_state/parity.py` can potentially trigger automatic downloads and execution of packages from the npm registry if the tool is not present in the local cache, introducing code from an external source.
- [EXTERNAL_DOWNLOADS]: The `npx` command used for parity checking creates a network dependency on the npm registry, allowing the environment to fetch and install software during runtime.
- [PROMPT_INJECTION]: The skill processes untrusted repository data such as registries and markdown tables, which could be used for indirect prompt injection.
- Ingestion points: Metadata JSON files, `registry.json`, and `slice-traceability.md` are loaded in `lib/workflow_state/inventory.py`.
- Boundary markers: No explicit delimiters or boundary markers are used to isolate user-controlled data from agent instructions.
- Capability inventory: The skill has access to shell execution (`subprocess.run`) and Python module loading (`importlib`).
- Sanitization: The skill uses standard regex and JSON parsing but lacks natural language sanitization to prevent the interpretation of embedded instructions.
Audit Metadata