codebase-audit
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several powerful CLI tools including
gitfor branch and worktree management,gh(GitHub CLI) for issue and pull request operations, andnpmfor building and testing code. These operations are core to the skill's purpose but require broad environment access. - [EXTERNAL_DOWNLOADS]: In its dependency audit phase (
references/dependency-audit.md), the skill can runnpm installto upgrade or override packages. This involves downloading and potentially executing scripts from the public npm registry. - [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it reads and processes the entire content of a target codebase.
- Ingestion points: The
codebase-auditworkflow andreview-strategy.mdinstruct the agent to read all source files in the target directory (defaultmcp/src/). - Boundary markers: There are no explicit instructions or delimiters used to separate the content being audited from the agent's instructions, nor are there warnings to ignore instructions found within those files.
- Capability inventory: The skill has the capability to execute shell commands (
git,gh,npm), write to the filesystem, and push to remote repositories. - Sanitization: There is no evidence of sanitization or validation of the content read from the source files before it is processed by the agent. A malicious instruction embedded in a comment or string within the audited codebase could potentially influence the agent's behavior.
Audit Metadata