check-similarity
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill specifies the installation of the 'similarity-ts' tool from the crates.io registry using 'cargo install'. This downloads and executes code from an external repository during the setup process.
- [COMMAND_EXECUTION]: The agent is instructed to execute the 'similarity-ts' command against the local file system to scan for code similarities.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes the content of source code files. An attacker could include malicious instructions within code comments or string literals that attempt to manipulate the AI agent's refactoring suggestions or influence subsequent steps in the workflow. (Ingestion points: Local source files scanned by the tool; Boundary markers: None present; Capability inventory: The agent generates a 'refactoring plan' based on the analyzed data; Sanitization: None detected.)