change-impact-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill's primary function is to ingest and reason about untrusted external data (project source code and documentation).
- Ingestion points: Instructions direct the agent to use
Read,Grep, andGlobtools to extract content from all files in a repository (SKILL.md). - Boundary markers: There are no instructions provided to the agent to treat code comments or documentation as untrusted or to ignore embedded instructions within those files.
- Capability inventory: The skill is limited to information gathering and report generation (internal influence). It does not include commands for modifying the filesystem or making network requests.
- Sanitization: No sanitization or validation of the ingested code content is performed before the agent processes it.
- [Command Execution] (LOW): The workflow suggests that the agent construct and execute
grepcommands using strings found within the codebase. - Evidence: Multiple examples in
SKILL.md(e.g.,grep "<function_name>(" **/*.py) rely on the agent populating variables from untrusted source code. - Risk: If a function name or class name in the source code is maliciously crafted (e.g., containing shell metacharacters like
;or|), it could lead to command injection if the agent's shell execution tool does not provide adequate escaping.
Audit Metadata