reverse-document
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) due to its core function of reading and processing untrusted project files.
  - Ingestion points: The agent reads code and prototypes from user-defined paths using Read, Glob, and Grep tools in SKILL.md.
  - Boundary markers: No delimiters or specific safety instructions are used to distinguish implementation details from potential malicious instructions within the analyzed files.
  - Capability inventory: The agent has access to powerful tools including Bash, Write, and Edit, which could be leveraged if an injection is successful.
  - Sanitization: There is no evidence of sanitization or content filtering for the data read from the filesystem.
- [COMMAND_EXECUTION]: The skill requests access to the Bash tool. While the provided instructions demonstrate a workflow centered on analysis and documentation, the presence of Bash provides a broad capability for command execution on the host system. This risk is managed by the skill's collaborative protocol requiring user approval before significant actions.
Audit Metadata