iterative-retrieval

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted codebase data into the agent's reasoning loop, creating an attack surface for indirect prompt injection.
      • Ingestion points: The 'DISPATCH' phase and the retrieveFiles function described in SKILL.md are points where external file content is introduced to the agent.
      • Boundary markers: The instructions do not specify the use of delimiters or 'ignore' directives to prevent the agent from executing instructions found within the retrieved files.
      • Capability inventory: The pattern relies on the agent's ability to read local files, score their relevance, and identify gaps in context.
      • Sanitization: There is no evidence of sanitization or filtering logic to detect or neutralize malicious content embedded in the codebase files before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 03:49 AM