security-threat-model
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and summarize untrusted data from a target repository, creating a surface for indirect prompt injection.
- Ingestion points: The skill reads file contents, directory structures, and repository summaries as part of the threat modeling process (referenced in SKILL.md and references/prompt-template.md).
- Boundary markers: The workflow uses Markdown code blocks to separate data from instructions, but it lacks an explicit directive for the agent to disregard natural language commands found within the analyzed codebase.
- Capability inventory: The skill utilizes file system read capabilities to explore the repository and has the capability to write the final threat model report to a local Markdown file.
- Sanitization: The instructions include a requirement to redact any discovered secrets (tokens, keys, passwords), though there is no specific sanitization for instruction-like text within the ingested content.
Audit Metadata