agent-native-audit

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is strictly limited to architectural analysis. The access to codebase files like API handlers and tool definitions is necessary for the audit and does not constitute unauthorized data exposure.
  • [INDIRECT_PROMPT_INJECTION]: The skill exposes an attack surface because it processes untrusted codebase content.
      * Ingestion points: The workflow in SKILL.md (Step 2) requires the agent to analyze user actions, tool files, and data stores.
      * Boundary markers: Absent. The skill does not define specific delimiters for separating codebase content from the agent's instructions.
      * Capability inventory: The agent uses the Task tool to explore and synthesize codebase architecture.
      * Sanitization: Absent. The content of the audited files is processed directly by the sub-agents.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 12, 2026, 03:33 PM