code-explainer
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest and process external data (source code files) which represents a potential injection surface.
- Ingestion points: The skill uses
Read,Grep, andGlobtools to read the content of files provided by the user or found in the environment. - Boundary markers: Absent. The instructions do not specify delimiters or provide warnings to ignore instructions that might be embedded within the code comments of the files being read.
- Capability inventory: The skill is limited to read-only file system tools. It does not have access to tools for network communication (
curl,fetch), arbitrary command execution (shell,subprocess), or file modification. - Sanitization: No sanitization of the input file content is performed before the agent processes it for explanation.
- Conclusion: While an attacker could embed malicious instructions in code comments (Indirect Prompt Injection), the agent has no high-privilege tools to execute those instructions or exfiltrate data. The risk is limited to the agent producing a misleading or biased explanation.
Audit Metadata