discover
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted project data as part of its discovery workflow.
  - Ingestion points: The skill reads local project files including source code, READMEs, and configuration files via Read, Grep, and Glob tools.
  - Boundary markers: The instructions lack explicit delimiters or warnings to ignore instructions found within the project's data.
  - Capability inventory: The skill has access to the Bash tool, allowing the execution of npm scripts for testing and auditing.
  - Sanitization: No sanitization or validation of the ingested code content is performed before processing.
- [COMMAND_EXECUTION]: The skill requests permission to execute Bash commands to perform project audits.
  - Evidence: The allowed-tools section in SKILL.md includes Bash(npm test:*), Bash(npm audit:*), and Bash(npm outdated:*).
  - Context: While restricted to specific npm prefixes, these commands execute scripts defined in the local package.json, which are part of the untrusted project data.