linddun
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and analyze untrusted source code provided by users.
  * Ingestion points: The skill processes a 'scoped file list' to detect privacy threats.
  * Boundary markers: The subagent prompt template lacks explicit delimiters or instructions to ignore embedded commands within the analyzed files.
  * Capability inventory: The dispatcher has the capability to call subagents via the Task tool, creating a chain of analysis.
  * Sanitization: There is no evidence of sanitization or escaping of the file content before it is passed to the subagents.
- [COMMAND_EXECUTION]: The skill instructs the agent to utilize grep for identifying patterns such as PII, analytics identifiers, and consent flows within the codebase. This is a functional requirement for the skill's primary purpose.