acc-check-aggregate-consistency
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- Indirect Prompt Injection (INFO): The skill is designed to ingest and analyze external PHP source code, which technically acts as an untrusted data source.
- Ingestion points: Processes external PHP files via detection patterns and grep instructions.
- Boundary markers: No explicit delimiters are defined to separate ingested code from analysis instructions.
- Capability inventory: The skill is limited to performing text analysis and generating markdown reports. It lacks capabilities for file system modification, network communication, or arbitrary command execution.
- Sanitization: The skill does not perform sanitization, but its limited capability set (display only) renders the risk negligible.
- Command Execution (SAFE): While the skill contains
greppatterns, these are provided as static instructional strings for the agent to use as search parameters. They do not contain shell escapes, piping to executable shells, or other malicious command injection patterns.
Audit Metadata