skill-security-review

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection due to its core function of processing untrusted external artifacts.
    1. Ingestion points: External artifacts and their referenced files are read into the analysis context in Step 1 of the workflow defined in SKILL.md.
    2. Boundary markers: The skill does not explicitly utilize delimiters or instructions to ignore embedded commands within the analyzed data.
    3. Capability inventory: The skill has the ability to write reports to the local file system and spawn sub-agents via the Task tool as documented in SKILL.md Steps 4 and 5.
    4. Sanitization: No explicit sanitization or filtering of the analyzed artifact content is described.
    This is considered low risk and acceptable given the skill's purpose and its use of a second-pass validation as a structural mitigation.
  • [SAFE]: The skill implementation follows a defensive design, focusing on read-only analysis and providing structured remediation guidance without executing the audited code.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 16, 2026, 03:56 AM