agent-first-repo
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill describes an autonomous workflow for 'Entropy Management' in 'references/entropy-management.md' where an agent scans the codebase for violations and opens refactoring PRs. This creates an indirect prompt injection surface.
  - Ingestion points: The workflow involves agents reading the entire codebase, including files that may contain untrusted or externally-sourced content.
  - Boundary markers: The skill does not define specific boundary markers or instructions to help the agent distinguish between data (code) and instructions during its automated scans.
  - Capability inventory: The recommended workflow assumes the agent has permissions to modify the repository via 'targeted refactoring PRs' and file updates to 'QUALITY_SCORE.md'.
  - Sanitization: There is no mention of sanitizing or escaping content read from files before processing it as part of the automated audit.
Audit Metadata