trailmark

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the 'trailmark' package using 'uv pip install'. This package is the primary component of the skill and is maintained by the skill's author, Trail of Bits.
  • [COMMAND_EXECUTION]: The skill executes shell commands using 'uv run trailmark' to perform static analysis tasks. These operations are essential to the tool's documented purpose and are restricted to querying the generated code graph.
  • [PROMPT_INJECTION]: The skill has an inherent surface for indirect prompt injection because it analyzes external source code which may contain malicious instructions designed to influence the agent's behavior during analysis.
      1. Ingestion points: Code directories provided as arguments to the 'QueryEngine' or CLI tools as seen in 'SKILL.md' and 'references/query-patterns.md'.
      2. Boundary markers: No specific delimiters or safety prompts are used to isolate the ingested code content from the analysis logic.
      3. Capability inventory: The skill can execute shell commands ('SKILL.md') and perform local file writes ('references/query-patterns.md').
      4. Sanitization: No explicit sanitization or filtering of the target source code is performed before the graph is constructed.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 01:46 PM