scan
Warn
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends the installation and use of two third-party plugins: Lum1104/Understand-Anything and mksglu/context-mode. These are sourced from individual GitHub accounts and are not affiliated with verified organizations or well-known technology services.\n- [COMMAND_EXECUTION]: The skill utilizes standard shell utilities such as find, grep, cat, and git to traverse and read the codebase when external plugins are unavailable.\n- [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection by ingesting untrusted codebase content and using it to generate the AGENTS.md file, which serves as a global instruction set for other agents.\n
- Ingestion points: The skill reads the entire project codebase via find, grep, and cat (referenced in SKILL.md Step 1 fallback and Step 3A).\n
- Boundary markers: No boundary markers or instructions are provided to distinguish between verified code and potentially malicious instructions embedded in comments or source files.\n
- Capability inventory: The skill can read and write files and execute shell commands to summarize codebase architecture.\n
- Sanitization: There is no evidence of sanitization or filtering of the ingested content before it is interpolated into the generated AGENTS.md file.
Audit Metadata