taint-flow-tracer
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and analyze external code, which creates a theoretical surface for indirect prompt injection if the analyzed code contains instructions aimed at the agent. Ingestion points: code_path, candidate_source, candidate_sink, and execution_context. Boundary markers: Absent. Capability inventory: Reasoning and text analysis only; no scripts or automation components are included. Sanitization: No input validation is specified for the code being audited. This surface is considered safe as it is fundamental to the skill's purpose as an auditing tool and lacks execution capabilities.
- [SAFE]: No other security concerns were identified. The skill does not access sensitive files, hardcode credentials, or perform any network operations.
Audit Metadata