enhance-cross-file
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
- Ingestion points: Processes workspace files including agents, skills, and workflows as mentioned in the analysis purpose.
- Boundary markers: Absent; no specific delimiters or instructions are provided to the agent to disregard instructions within the analyzed data.
- Capability inventory: Execution of a Node.js script to process files.
- Sanitization: No sanitization of input data is documented.
- [COMMAND_EXECUTION]: The skill executes a local file at
./lib/enhance/cross-file-analyzer.jsusing thenode -ecommand. The source code for this script is not provided in the skill package, preventing a full security audit of the performed operations.
Audit Metadata