slicing-elephant-carpaccio
Pass
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill identifies and reads project files and external specifications to determine architecture and feature scope, creating a potential vector for data-borne instructions.\n
- Ingestion points: Reads project configurations (package.json, nx.json, etc.) and codebase files via the codebase-navigator agent (SKILL.md, Step 1 & 2).\n
- Boundary markers: No explicit delimiters or system instructions are provided to the agent to distinguish between task-related content and potential malicious instructions within the analyzed data.\n
- Capability inventory: The skill only utilizes text generation and the AskUserQuestion tool; it lacks the ability to execute code, access the network directly, or modify sensitive system files.\n
- Sanitization: There is no evidence of input validation or content sanitization for the data processed during the slicing workflow.
Audit Metadata