exploitability-analyzer
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user-provided code and context for analysis, which creates a surface for indirect prompt injection where malicious instructions could be embedded in the analyzed data to manipulate the agent's behavior.
  - Ingestion points: The 'Vulnerable code' and 'Context' inputs defined in the 'How to Use' section of SKILL.md.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands in the input data are present.
  - Capability inventory: The skill is primarily analytical and does not exhibit capabilities for subprocess execution, network operations, or file system writing.
  - Sanitization: No input validation or sanitization logic is implemented to strip potential instructions from the code being analyzed.
Audit Metadata