verify
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it performs AI-driven analysis (Claude analysis) on untrusted source code and finding metadata provided in the verification context.
  - Ingestion points: The workflow ingests data from `.appsec/findings.json` and the source code at the location of the reported vulnerability.
  - Boundary markers: There are no explicit delimiters or instructions provided to isolate the code being analyzed from the agent's operational instructions, increasing the risk that embedded comments could be interpreted as commands.
  - Capability inventory: The skill uses file-read tools to load code, file-write tools to update `.appsec/findings.json` and `.appsec/fixed-history.json`, and has the capability to execute system scanners via CLI.
  - Sanitization: No mechanisms for sanitizing or filtering untrusted code content are described before the AI evaluates the fix integrity.
Audit Metadata