research-codebase
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection vulnerability surface. The skill is explicitly instructed to 'Read these files yourself in the main context' and to use the Read tool 'WITHOUT limit/offset parameters to read entire files'. If an attacker-controlled file in the codebase contains malicious instructions, the agent may inadvertently follow them due to a lack of sanitization or delimiters. Evidence Chain:
  1. Ingestion points: File reading tools used in Step 1 and Step 4.
  2. Boundary markers: Absent; instructions do not specify how to isolate file content from system instructions.
  3. Capability inventory: File system write access (dev/research/), sub-agent creation, and Todo list management.
  4. Sanitization: Absent.
Audit Metadata