analyze-code
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data (local source code) without sufficient boundary enforcement.
  - Ingestion points: The skill explicitly gathers existing code files from the current working directory to be analyzed by the 'consultant' agent.
  - Boundary markers: The instructions lack explicit delimiters (e.g., XML tags or unique separators) to help the LLM distinguish between the source code content and the analysis instructions.
  - Capability inventory: The sub-agent invokes a 'consultant CLI' and generates a markdown report for the user.
  - Sanitization: There is no evidence of content sanitization or instruction-aware filtering applied to the code files before they are provided to the LLM.