sentry-security

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill is designed to ingest and analyze untrusted external data (source code) to identify security flaws. This activity creates an attack surface where instructions embedded within comments or metadata of the analyzed code could potentially influence the agent's behavior.
    Evidence Chain:
    1. Ingestion points: Source code files are read using the Read, Grep, and Glob tools as defined in SKILL.md.
    2. Boundary markers: Absent; there are no instructions to use delimiters or explicit 'ignore embedded instructions' warnings when processing analyzed files.
    3. Capability inventory: The skill has access to Bash, Read, Grep, and Glob tools (SKILL.md).
    4. Sanitization: Absent; the skill performs raw analysis of code content without prior filtering or sanitization.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 20, 2026, 04:07 PM