code-instrumentation-generator
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core function of analyzing untrusted source code to generate instrumented output.
  - Ingestion points: User-provided source code for analysis in Workflow Step 1.
  - Boundary markers: Absent; the workflow lacks instructions to use delimiters or ignore embedded directives.
  - Capability inventory: Generates instrumented source code in Python, Java, JavaScript, and C/C++.
  - Sanitization: Absent; no validation or escaping of the input source code is performed before generating output.
- [NO_CODE]: The skill package is composed entirely of markdown documentation and code templates, containing no standalone executable scripts, binaries, or configuration files.