domain-discover
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core function of analyzing and extracting content from external, untrusted repositories.
  - Ingestion points: The skill reads various codebase files including package.json, requirements.txt, Makefiles, application source files, and README documentation as defined in SKILL.md.
  - Boundary markers: There are no explicit instructions or delimiters used to isolate ingested content from the agent's instructions or to prevent the agent from following instructions embedded within the analyzed data.
  - Capability inventory: The skill is granted access to the Bash, Write, and Edit tools, which represent a significant capability surface if an attacker successfully injects instructions into the codebase being analyzed.
  - Sanitization: The instructions do not define any sanitization, validation, or escaping of the content extracted from code comments or documentation before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform setup tasks, specifically executing 'mkdir -p' based on input arguments. While this is a standard administrative task, it provides a functional capability that could be leveraged if the agent's behavior is influenced by an injection attack.
Audit Metadata