attack-surface

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits susceptibility to indirect prompt injection (Category 8) because its primary function involves processing untrusted codebase data.
  • Ingestion points: The skill processes various files including route definitions, controllers, API specifications (OpenAPI, GraphQL, gRPC), and source code files as described in Step 1 and Step 2 of the workflow.
  • Boundary markers: No delimiters are specified, and nothing instructs the agent to ignore instructions embedded within the files it is analyzing, which could lead the agent to follow malicious commands placed in comments or documentation.
  • Capability inventory: The skill allows the agent to trace data flows to internal sinks and generate structured findings based on the input code, which gives injected content a path to influence the agent's output.
  • Sanitization: No sanitization or validation mechanisms are defined for the data extracted from the analyzed codebase before it is used by the agent to make decisions or generate reports.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 06:44 PM