Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
- [Prompt Injection] (MEDIUM): Indirect prompt injection risk through untrusted project metadata.
  • Ingestion points: The detect_project_info function in project_detector.py reads data from package.json, pyproject.toml, go.mod, Cargo.toml, composer.json, and Gemfile.
  • Boundary markers: None. Extracted strings are directly replaced in templates using customize_template in template_customizer.py.
  • Capability inventory: The skill produces documentation templates intended for agent context. Malicious strings in configuration files (e.g., a project name containing 'Ignore previous instructions') can manipulate the agent's logic.
  • Sanitization: No sanitization or character filtering is performed on the extracted metadata before interpolation.
- [Data Exposure] (LOW): Potential for local file existence probing. The detect_project_info function accepts a cwd parameter; if an agent allows user-supplied paths, it could be used to verify the presence of specific configuration files across the filesystem.
Audit Metadata