launch-readiness-auditor

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is highly susceptible to Indirect Prompt Injection (Category 8) because its primary function is to analyze untrusted external data.
  • Ingestion points: The 'Phase 1: Discovery' process uses Read, Glob, and Grep tools to read untrusted content from README files, documentation, and codebase structure (SKILL.md).
  • Boundary markers: The prompt lacks explicit boundary markers or instructions to treat data from the audited repository as non-executable instructions, increasing the risk that the AI may follow malicious commands embedded in code comments or project documentation.
  • Capability inventory: The agent has access to Bash (shell execution), WebFetch (network requests), and Task (delegation), which provides a significant exploit surface if a malicious project successfully injects instructions.
  • Sanitization: There is no evidence of sanitization or filtering of the ingested content before it is processed by the AI.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to 'Run tests' and 'check build status'. This pattern inherently involves executing scripts and commands defined within the audited codebase. If the codebase being audited is malicious, this could lead to arbitrary command execution on the host environment via manipulated test scripts or build configurations.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 04:42 PM