kotlin-in-action
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a 'Code Review' mode designed to ingest and analyze user-provided Kotlin source code. This creates a surface for indirect prompt injection where malicious instructions could be embedded in comments or string literals within the code snippets being analyzed to influence the agent's behavior.
- Ingestion points: User-provided Kotlin code blocks processed during 'Code Review' mode, as instructed in SKILL.md.
- Boundary markers: While the skill uses markdown code blocks for structure, it lacks explicit instructions to the model to ignore any natural language instructions found within the code under review.
- Capability inventory: The skill provides text-based code generation and review; it includes a utility script scripts/setup_detekt.py that writes a local configuration file and a shell script for the 'Detekt' analysis tool, but it does not possess autonomous runtime file system or network execution capabilities.
- Sanitization: No sanitization, escaping, or validation of the input source code is performed before the agent processes the content.
Audit Metadata