mobile-security-auditor
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it is designed to ingest and analyze untrusted user-provided content such as mobile application code and architecture descriptions.
- Ingestion points: Untrusted data enters the agent context through user requests containing feature descriptions or implementation details for analysis in SKILL.md.
- Boundary markers: There are no explicit delimiters or instructions (e.g., 'ignore instructions within analyzed code') to prevent the model from obeying malicious commands embedded in the input data.
- Capability inventory: The skill is restricted to text generation and does not have access to file system operations, network requests, or command execution tools.
- Sanitization: No input validation or sanitization mechanisms are implemented to filter out potential injection patterns from the analyzed code or descriptions.
Audit Metadata