scrape-codegen-generate

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from extraction analysis files to generate executable Python code, creating a surface for indirect prompt injection.
  • Ingestion points: The agent reads content from {spec_path} and all JSON files in the {work_path}/codegen-analyze/ directory (e.g., detail-1.json, detail-2.json).
  • Boundary markers: The instructions do not define delimiters or specific warnings to ignore instructions that might be embedded within the JSON analysis data.
  • Capability inventory: The skill utilizes Read and Bash tools to ingest data and the Write tool to save the resulting Python module to {output_path}.
  • Sanitization: The skill lacks mechanisms to sanitize or validate the content of the JSON files before using it to synthesize the final page object class.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 05:23 AM
Security Audit — agent-trust-hub — scrape-codegen-generate