skills/code-sherpas/agent-skills/business-logic-entry-point-database-transaction/Gen Agent Trust Hub
business-logic-entry-point-database-transaction
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted external data (source code) and possesses capabilities to modify files.
  - Ingestion points: The skill instructions direct the agent to identify, read, and interpret business-logic entry points within a project's source code (e.g., command handlers, query handlers, or application services).
  - Boundary markers: There are no instructions provided to use delimiters or ignore embedded instructions within the code being analyzed, which is a common practice to mitigate injection risks.
  - Capability inventory: The agent is expected to 'create' and 'modify' business-logic entry points, which implies file-write capabilities over the codebase.
  - Sanitization: The skill does not mention any sanitization, validation, or escaping of the code content before it is processed or modified by the agent.
Audit Metadata