cve-reachability-analyzer

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as its primary function is to ingest and analyze untrusted source code and configuration data from external repositories. An attacker could embed malicious instructions within code comments or metadata in a repository being analyzed.
      • Ingestion points: The skill reads file content from the target repository, including dependency manifests (SKILL.md Step 2), source code files (Steps 3-5), and configuration files (Step 6).
      • Boundary markers: No explicit delimiters or instructions are provided to the agent to treat ingested code content strictly as data, increasing the risk that the agent may follow instructions embedded in analyzed files.
      • Capability inventory: The process involves deep inspection of call chains and dynamic behavior, requiring the agent to process large amounts of potentially attacker-controlled text.
      • Sanitization: The instructions do not specify any validation, escaping, or sanitization of the content being analyzed before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 10:20 PM