kotlin-in-action
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/setup_detekt.py generates local configuration and an executable shell script (run_detekt.sh) to facilitate running the Detekt static analysis tool. This involves programmatic script generation and modification of file permissions.
- [EXTERNAL_DOWNLOADS]: The generated documentation and scripts reference official installation methods for the Detekt tool via well-known package managers such as Homebrew and SDKMAN!. These are recognized as trusted sources for development tooling.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its 'Code Review' mode ingests and analyzes untrusted user-provided Kotlin code.
  - Ingestion points: User-provided Kotlin source code processed by the agent.
  - Boundary markers: None identified in the instruction prompt to isolate or delineate the reviewed code.
  - Capability inventory: The skill includes a Python script for file system operations, though the agent is not explicitly instructed to run it.
  - Sanitization: No validation or sanitization of the user-provided code blocks is performed before processing.
Audit Metadata