oss-code-analysis
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it fetches and analyzes untrusted content from external repositories.
  * Ingestion points: As detailed in SKILL.md (Step 2 and Step 4), the agent reads source code, README files, and manifest files from third-party repositories.
  * Boundary markers: The skill includes a 'Guardrails' section that explicitly instructs the agent to treat all external content as untrusted and to ignore any embedded directives or prompt injection attempts.
  * Capability inventory: Capabilities are limited to web browsing and reading; the skill explicitly prohibits high-risk actions like cloning, downloading, or executing analyzed code.
  * Sanitization: Instructions mandate that content from repositories must be treated as analysis material only and must not influence the agent's logic or output structure.
Audit Metadata