apoco-backend-review
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified through the ingestion of external candidate code and challenge requirements.
  - Ingestion points: The skill fetches the challenge README from 'https://github.com/ApocoHQ/backend-code-challenge' and analyzes candidate submission files as described in SKILL.md.
  - Boundary markers: No delimiters or explicit instructions to ignore embedded commands are used when processing the ingested content.
  - Capability inventory: The skill uses file system write access to create review reports ('review-[candidate-name-or-repo].md').
  - Sanitization: No sanitization or validation of input content is performed.
- [EXTERNAL_DOWNLOADS]: Fetches challenge requirements from the official ApocoHQ repository on GitHub.