optimize
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability surface identified. The skill's core functionality involves processing untrusted external data with high-privilege tools.
- Ingestion points: Data enters the agent's context via the Read, Grep, and Glob tools as specified in the allowed-tools metadata.
- Boundary markers: The instructions lack delimiters or specific directives to help the agent distinguish between code logic and potentially malicious instructions hidden in comments or strings.
- Capability inventory: The skill is granted access to the Bash tool, which can execute arbitrary shell commands on the host system.
- Sanitization: There is no requirement for input validation or escaping for the data retrieved from external files before it is used in the agent's reasoning process.
Audit Metadata