rubber-duck

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill processes untrusted user input as problem descriptions. Ingestion points: User problem descriptions provided during the conversational flow. Boundary markers: Absent. Capability inventory: Restricted read-only tools including bash (cat, grep, head, ls) and file (read). Sanitization: Absent. While an attacker could attempt to manipulate the agent's behavior via these descriptions, the impact is strictly limited to the information already accessible to the agent in its restricted sandbox.
  • [Data Exposure] (INFO): The toolset permits the agent to read local files to assist in debugging. This creates a minor risk of exposing local configuration or sensitive data if the agent is directed to those files by a user, but the lack of network tools (e.g., curl, wget) ensures that any exposed data remains within the local session.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 16, 2026, 05:06 AM