ghost-validate
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill demonstrates an attack surface for indirect prompt injection because it ingests untrusted vulnerability findings and acts upon them using privileged capabilities.\n
- Ingestion points: Finding details are extracted from user-provided file paths or text in
SKILL.md(Step 1).\n - Boundary markers: Absent; the skill lacks specific instructions or delimiters to isolate untrusted finding data from the agent's logic.\n
- Capability inventory: The skill allows the agent to read source code files (Step 2), execute network-based validation via the
reapertool (Step 3), and append data to local files (Step 6).\n - Sanitization: No explicit sanitization or validation of the input finding content is performed.\n- [Command Execution] (SAFE): The skill uses the
reaperutility for legitimate security triage tasks.\n - Evidence:
reaper proxyandreaper get <id>commands are used inSKILL.mdto facilitate live validation of security findings, which is consistent with the skill's stated purpose.
Audit Metadata