security-threat-model
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill's primary function is to analyze untrusted repository data, which creates a surface for indirect prompt injection. An attacker could embed instructions in the codebase to manipulate the output.
- Ingestion points: Files within the user-provided repository path are read during the summary and discovery phases.
- Boundary markers: The skill uses structural headers and role-based instructions in references/prompt-template.md. It does not use unique tokens or XML-style delimiters for ingested content.
- Capability inventory: The skill uses file reading, the ripgrep search tool, and file-write access for the final Markdown report.
- Sanitization: The instructions explicitly mandate the redaction of secrets, but no specific measures are provided to sanitize or escape potentially malicious prompt instructions in the analyzed files.
Audit Metadata