status
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and displays content from files that could be manipulated by external tools or actors.
- Ingestion points: The skill reads
.appsec/findings.json,.appsec/last-run.json,.appsec/start-assessment.json, and.appsec/config.yamlto populate the dashboard. - Boundary markers: There are no specified delimiters or instructions to the agent to treat the content of these files strictly as data and ignore any embedded natural language instructions.
- Capability inventory: The skill utilizes
git diffand file read operations. - Sanitization: No evidence of sanitization, escaping, or schema validation is present for the data read from the
.appsec/directory before it is displayed. - [COMMAND_EXECUTION]: The skill executes a system command to determine changes in the repository.
- Evidence: It runs
git diff --name-onlyusing a timestamp extracted from the locallast-run.jsonfile.
Audit Metadata