mega-code-skill-enhance

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses uv run and bash to execute several internal Python modules (e.g., mega_code.client.check_auth, eval_workspace) and management scripts (launch-viewer.sh) to handle the skill enhancement lifecycle.
  • [DATA_EXFILTRATION]: Accesses configuration data stored in ~/.local/share/mega-code/.env and transmits skill data and benchmarks to a remote vendor server via the store-skill command for version tracking.
  • [REMOTE_CODE_EXECUTION]: Spawns isolated agent CLI instances using the skill_enhance_runner to perform side-by-side performance evaluation.
  • [EXTERNAL_DOWNLOADS]: Leverages the uv package manager which may fetch or update dependencies within the mega_code ecosystem.
  • [PROMPT_INJECTION]: Ingests third-party skill content and user feedback to generate improved agent instructions, forming an indirect prompt injection surface.
    * Ingestion points: Reads the target SKILL.md file and feedback.json.
    * Boundary markers: No explicit delimiters or ignore-instruction warnings are visible in the enhancement phase instructions.
    * Capability inventory: Extensive use of Bash for file operations and subprocess execution.
    * Sanitization: Relies on the host LLM for enhancement logic without explicit structural validation.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 04:12 AM