code-pattern-extractor

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted data from local codebases.
    • Ingestion points: The skill analyzes files identified through glob patterns (e.g., **/*.js, **/*.py) in the SKILL.md workflow.
    • Boundary markers: There are no explicit instructions or delimiters defined to help the agent distinguish between its own operational logic and instructions that might be embedded in comments or strings within the code files being analyzed.
    • Capability inventory: The skill possesses file-reading capabilities and generates structural reports/templates based on file content.
    • Sanitization: No sanitization or filtering mechanisms are specified to handle malicious strings or instructions found in the analyzed source code.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 10:20 PM