req-merger
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection due to how it handles external data.
- Ingestion points: The skill reads untrusted content from
cleaned-requirements/index.mdandcleaned-requirements/issues.mdto perform merge operations. - Boundary markers: There are no specified delimiters or "ignore embedded instructions" warnings provided in the skill logic to prevent the agent from obeying commands hidden within the requirement files.
- Capability inventory: The skill has access to the
Bash,Read, andWritetools. An attacker could potentially embed malicious commands in the input markdown files that the agent might inadvertently execute while attempting to "integrate" the text. - Sanitization: No sanitization, escaping, or validation logic is defined to check the content of the issues or requirements before processing.
Audit Metadata