acc-check-insecure-design
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODESAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to analyze untrusted PHP source code, creating a surface for potential instruction injection via code comments or data.\n
- Ingestion points: PHP source code processed by the agent (defined in SKILL.md).\n
- Boundary markers: None provided in the analysis template.\n
- Capability inventory: Markdown report generation only; no file-write, network, or subprocess execution capabilities are present within the skill.\n
- Sanitization: None specified for input source code.\n- [No Code] (SAFE): The skill consists entirely of markdown documentation and grep patterns for reference; it does not include executable code files.\n- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive path access, or network exfiltration patterns were detected.\n- [Prompt Injection] (SAFE): No instructions to override the agent's core behavior or bypass safety guidelines were found.
Audit Metadata