scrape-codegen-generate
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from extraction analysis files to generate executable Python code, creating a surface for indirect prompt injection.
- Ingestion points: The agent reads content from
{spec_path}and all JSON files in the{work_path}/codegen-analyze/directory (e.g.,detail-1.json,detail-2.json). - Boundary markers: The instructions do not define delimiters or specific warnings to ignore instructions that might be embedded within the JSON analysis data.
- Capability inventory: The skill utilizes
ReadandBashtools to ingest data and theWritetool to save the resulting Python module to{output_path}. - Sanitization: The skill lacks mechanisms to sanitize or validate the content of the JSON files before using it to synthesize the final page object class.
Audit Metadata