find-bugs
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection because it processes untrusted data (source code and git diffs) that could contain instructions designed to manipulate the LLM's output.
- Ingestion points: The skill explicitly instructs the agent to run
git diff master...HEADand read individual modified files (SKILL.md, Phase 1). - Boundary markers: Absent. There are no instructions or delimiters provided to help the agent distinguish between the auditing instructions and the content of the code being audited.
- Capability inventory: The skill utilizes shell command execution (
git diff) and file read operations. - Sanitization: Absent. There is no logic to sanitize or escape the content of the files before they are processed by the LLM.
- [Data Exposure] (SAFE): The skill accesses local source code to perform its function. While this brings sensitive logic into the LLM context, it is restricted to local read-only operations and aligns with the primary stated purpose of the skill.
Audit Metadata