fix
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it processes untrusted data from the codebase and external finding reports without established security boundaries or sanitization.
- Ingestion points: The skill reads data from
.appsec/findings.jsonand uses theReadtool to ingest arbitrary source code files for analysis. - Boundary markers: The instructions lack explicit delimiters or "ignore embedded instructions" directives for the data retrieved from the files, increasing the risk of the agent obeying instructions found in code comments or data fields.
- Capability inventory: The skill utilizes the
Readtool for file access and theEdittool to apply modifications to the project files, creating a path for automated file-system changes based on interpreted input. - Sanitization: No sanitization, escaping, or validation of the content within the ingested files is performed before the data is processed by the model to generate the remediation code.
Audit Metadata