codebase-singularity
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill consists entirely of instructional Markdown content. There are no executable scripts, binaries, or external dependencies included in the skill package.
- [COMMAND_EXECUTION]: The workflow in SKILL.md explicitly instructs the agent to execute "validation commands" (such as tests, linting, or builds) provided as input. This leverages the agent's command-line capabilities to verify changes within the local environment.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface as it is designed to ingest and process untrusted repository data while possessing high-impact capabilities.
- Ingestion points: Instructions in SKILL.md direct the agent to read repository files and READMEs for context during the priming phase.
- Boundary markers: Absent. There are no explicit delimiters or instructions provided to the agent to disregard instructions found within the ingested files.
- Capability inventory: As described in SKILL.md, the agent is granted the capability to implement code patches and execute arbitrary shell commands for validation.
- Sanitization: Absent. No sanitization or validation of the repository content is specified before the agent processes it.
Audit Metadata