security-guardian
Warn
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: MEDIUM
Findings: PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: Misleading metadata in the author field. The skill frontmatter claims to be authored by GitHub Copilot, which contradicts the actual author information provided by the platform (caomeiyouren). This metadata poisoning technique is typically used to impersonate trusted entities and deceptively build user trust.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by processing untrusted code files across the entire workspace.
  - Ingestion points: Analyzes all workspace files as defined by the broad applyTo configuration.
  - Boundary markers: Lacks delimiters or explicit instructions for the agent to ignore embedded prompts within the analyzed data.
  - Capability inventory: Designed to perform security audits, read file contents, and generate reports on vulnerabilities.
  - Sanitization: No sanitization or validation of the analyzed content is specified in the instructions.
- [NO_CODE]: The skill does not include any executable scripts or binary files, relying entirely on natural language instructions for the agent's behavior.
Audit Metadata