design-spec-rules
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHPROMPT_INJECTIONNO_CODE
Full Analysis
- PROMPT_INJECTION (HIGH): The skill presents a high risk for Indirect Prompt Injection (Category 8). 1. Ingestion points: Untrusted content is read from files provided via the $ARGUMENTS variable. 2. Boundary markers: No separators or 'ignore instructions' warnings are used for the input code. 3. Capability inventory: The skill is capable of modifying files as it is instructed to 'offer to fix the issues directly'. 4. Sanitization: There is no sanitization of the reviewed code, allowing embedded instructions to potentially hijack the agent.
- NO_CODE (LOW): The skill contains no executable scripts or binaries, relying solely on markdown instructions.
Recommendations
- AI detected serious security threats
Audit Metadata