dag-dependency-resolver
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill has a vulnerability surface for indirect prompt injection as it processes external data and has filesystem modification capabilities.
- Ingestion points: It uses
ReadandGlobtools to ingest DAG structure definitions and configuration data (SKILL.md). - Boundary markers: No boundary markers, delimiters, or explicit instructions are provided to help the agent distinguish between data and potentially embedded instructions within the files it processes.
- Capability inventory: The skill is granted
WriteandEdittools, allowing it to modify files on the system based on input that could be influenced by an attacker. - Sanitization: There is no evidence of input validation, schema enforcement, or escaping of content read from external files before it is processed by the agent.
Audit Metadata