galaxy-context
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill implements a routing mechanism that triggers various technical actions (such as database migrations or test execution) based on user-supplied intent and resource names, which is a surface for indirect prompt injection.
- Ingestion points: The agent processes user messages to match keywords like 'database', 'API', or 'test' (specified in SKILL.md).
- Boundary markers: Absent. The instructions do not provide delimiters or guidance for the agent to ignore or isolate instructions that might be embedded within user-provided data.
- Capability inventory: The skill routes to other sub-skills that perform file writes, database migrations, and shell command execution (e.g.,
./run_tests.sh,make format,ruff). - Sanitization: Absent. There is no instruction to validate or sanitize user-provided resource names or arguments before they are passed to the targeted skills or commands.
Audit Metadata