stride
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates a workflow where untrusted source code is processed and passed to other LLM subagents, creating a surface for indirect prompt injection.
- Ingestion points: File contents are gathered via Glob/Grep and interpolated into the
{FILE_LIST}placeholder within subagent prompts. - Boundary markers: The prompt template uses plain text headers (e.g., 'FILES:') rather than robust delimiters or explicit 'ignore embedded instructions' directives to isolate the untrusted data.
- Capability inventory: Subagents are tasked with identifying security vulnerabilities; a successful indirect injection could cause these agents to suppress findings or hallucinate false positives.
- Sanitization: The skill does not perform sanitization or instruction-filtering on the code content before analysis.
Audit Metadata