codebase-audit

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several powerful CLI tools including git for branch and worktree management, gh (GitHub CLI) for issue and pull request operations, and npm for building and testing code. These operations are core to the skill's purpose but require broad environment access.
  • [EXTERNAL_DOWNLOADS]: In its dependency audit phase (references/dependency-audit.md), the skill can run npm install to upgrade or override packages. This involves downloading and potentially executing scripts from the public npm registry.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it reads and processes the entire content of a target codebase.
  • Ingestion points: The codebase-audit workflow and review-strategy.md instruct the agent to read all source files in the target directory (default mcp/src/).
  • Boundary markers: There are no explicit instructions or delimiters used to separate the content being audited from the agent's instructions, nor are there warnings to ignore instructions found within those files.
  • Capability inventory: The skill has the capability to execute shell commands (git, gh, npm), write to the filesystem, and push to remote repositories.
  • Sanitization: There is no evidence of sanitization or validation of the content read from the source files before it is processed by the agent. A malicious instruction embedded in a comment or string within the audited codebase could potentially influence the agent's behavior.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 04:57 PM
Security Audit — agent-trust-hub — codebase-audit