investigating-a-codebase
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONNO_CODE
Full Analysis
- PROMPT_INJECTION (HIGH): The skill establishes a significant surface for indirect prompt injection (Category 8) by instructing the agent to process untrusted codebase data.
- Ingestion points: The investigation workflow requires the agent to read arbitrary source files, configuration files (e.g., package.json), and documentation using search and read tools.
- Boundary markers: The instructions do not define any delimiters or provide explicit warnings for the agent to ignore instructions embedded within the code or comments it analyzes.
- Capability inventory: The skill's stated purpose is to ground planning and design decisions, which in an agent environment typically grants the agent the capability to perform follow-up actions like file modifications or code execution.
- Sanitization: There are no requirements for the agent to sanitize, escape, or validate the content it retrieves from the codebase before using it to inform its reasoning.
Recommendations
- AI detected serious security threats
Audit Metadata