launch-readiness-auditor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted external data (codebase files) and lacks boundary markers to prevent embedded instructions from influencing the agent's behavior. * Ingestion points: Processes README, CLAUDE.md, and source files via Read, Glob, and Grep. * Boundary markers: Absent. * Capability inventory: Includes Bash (run tests) and WebFetch (check URLs). * Sanitization: Absent.
- [Command Execution] (SAFE): The skill includes the Bash tool to run tests and check builds. This is a legitimate utility for a code auditor and does not appear to be used maliciously in the provided instructions.
Audit Metadata