explore

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute local scripts ('dependency-mapper.sh' and 'render-spec.mjs') for repository analysis and report validation. These scripts are part of the skill's distribution and perform expected local processing.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted repository content (files matched by 'src/**' and others) and interpolates it into sub-agent prompts. Evidence: (1) Ingestion points: Read, Grep, and Glob on codebase files; (2) Boundary markers: Absent, prompts use natural language instructions only; (3) Capability inventory: Sub-agents can use Task and Bash tools; (4) Sanitization: No content filtering or escaping is applied before passing data to agents.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 05:10 PM
Security Audit — agent-trust-hub — explore