Technical Debt Assessment

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it is designed to ingest and analyze untrusted source code from external files.
  • Ingestion points: Files in the codebase are scanned using Read, Grep, and Glob tools.
  • Boundary markers: There are no explicit delimiters or instructions to the agent to disregard potential commands embedded in code comments, strings, or documentation within the files being analyzed.
  • Capability inventory: Based on the metadata, the agent is granted access to Read, Grep, and Glob tools. However, the skill documentation suggests running external analysis tools such as pytest and bandit on the untrusted source code, which could involve code execution if the agent has access to a command shell.
  • Sanitization: There is no evidence of content sanitization or validation of the data read from files before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 4, 2026, 07:27 AM