re-extract-requirements
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its core function of analyzing external source code. 1. Ingestion points: The skill reads source code and logic diagrams from target files specified in a manifest (Step 2). 2. Boundary markers: The instructions lack explicit delimiters or 'ignore' commands to separate code content from analysis instructions. 3. Capability inventory: The agent has access to 'Bash', 'Read', and 'Write' tools. 4. Sanitization: No sanitization or filtering of the ingested code is mentioned. An attacker could potentially embed malicious instructions in code comments to influence the agent's behavior.
- [COMMAND_EXECUTION]: The skill utilizes the 'Bash' tool for file system operations and code scanning. While its intended use is for analysis, the availability of a general-purpose shell tool increases the impact of potential injection attacks by providing a powerful execution environment.
Audit Metadata