schema-inspector

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it reads and returns untrusted file names and paths from the local filesystem to the agent. This could allow an attacker to influence agent behavior through maliciously crafted file names or metadata if the agent processes the output as instructions.
      • Ingestion points: File names and paths are ingested from the filesystem in src/lib.ts via the walk function.
      • Boundary markers: No delimiters or protective instructions are used to isolate file-derived data from the agent's system prompt or subsequent instructions.
      • Capability inventory: The skill performs recursive filesystem traversal and relative path resolution.
      • Sanitization: No sanitization, escaping, or validation of the retrieved file names or paths is performed.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 4, 2026, 11:07 PM