bug-audit
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE (NO_CODE)
Full Analysis
- [SAFE]: The skill is strictly documentation-based, consisting of markdown instructions and reference guides for auditing code. It contains no executable files or scripts.
- [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface, as it requires the agent to read untrusted code from external projects.
  - Ingestion points: Phase 1 instructions in SKILL.md require reading all files in the project.
  - Boundary markers: The skill does not provide delimiters or instructions to ignore commands within audited content.
  - Capability inventory: The agent is instructed to read local files to build audit tables.
  - Sanitization: There is no requirement for the agent to sanitize or filter the content of the files it reads.
- [NO_CODE]: The skill provides logic via natural language instructions rather than functional code, minimizing the direct risk of script-based attacks.