plain-language
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user data from the local project directory, creating a surface for indirect prompt injection. Malicious text within reviewed files could attempt to override agent instructions.
  - Ingestion points: Documentation files (.md, .txt, .rst, .adoc, .mdx) and source code comments located by the 'scripts/scan-files.sh' script.
  - Boundary markers: The skill does not specify the use of delimiters or "ignore" instructions when reading the contents of these files to isolate external data from instructions.
  - Capability inventory: The skill is limited to reading files and listing directory contents; it does not provide tools for file writing or network access, which limits the potential impact of an injection.
  - Sanitization: No sanitization or content filtering is applied to the text retrieved from the target files.