sarif-parsing
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes SARIF files which are untrusted external data sources, creating a vulnerability surface for indirect prompt injection. Malicious instructions embedded in security findings could attempt to manipulate the agent. \n
- Ingestion points: The skill uses
jqcommands inSKILL.mdand theload_sariffunction inresources/sarif_helpers.pyto read external files. \n - Boundary markers: There are no explicit markers or instructions to the agent to disregard embedded directives within the SARIF content. \n
- Capability inventory: The skill has access to
Bash,Read,Glob, andGreptools, which could be exploited by a successful injection. \n - Sanitization: No sanitization is performed on the text fields of the SARIF results (such as messages or rule descriptions) before they are processed by the agent. \n- [EXTERNAL_DOWNLOADS]: The skill documentation and helper scripts reference multiple external packages and repositories for extended functionality. \n
- Documentation suggests the use of Python packages
pysarif,ijson, andjsonschema. \n - References the
garifGo package hosted on GitHub atgithub.com/chavacava/garif. \n - Mentions the
ajv-cliNode.js package for validation purposes. \n - References the
sarifweb.azurewebsites.netservice for online validation. \n - References various repositories including
github.com/Kjeld-P/pysarifand Microsoft'ssarif-tools.
Audit Metadata