auditing-deep-link-contracts
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill utilizes local shell scripts (
validate-deep-link-contract.shandgenerate-deep-link-test-vectors.sh) which execute embedded Python code using heredocs. This is a common pattern for utility skills and does not involve network access or elevated privileges. - PROMPT_INJECTION (LOW): Indirect prompt injection surface (Category 8) identified in the handling of project-level configuration files.
- Ingestion points: The skill reads and processes user-provided JSON from
.mobile/deep-link-contract.json. - Boundary markers: Absent. The skill does not implement delimiters or 'ignore' instructions when reading the contract data before presenting it to the agent for auditing.
- Capability inventory: The skill allows file creation and local script execution. The agent is intended to read the output of these operations to generate human-readable reports.
- Sanitization: The scripts validate the structure and types of the JSON data but do not sanitize the string content for potential natural language instructions that could bias the agent's report.
Audit Metadata