agent-owasp-compliance
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references and recommends the installation of the 'agent-governance-toolkit' from Microsoft's GitHub repository. It also links to agent governance patterns within the 'github/awesome-copilot' repository for reference implementations.
- [PROMPT_INJECTION]: The skill logic involves reading and processing the content of external Python files to perform security checks. This process creates an exposure to indirect prompt injection, where an attacker could embed instructions within a codebase to manipulate the agent's audit results.
- Ingestion points: Reads content from files ending in `.py` within a user-provided project directory.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used in the provided scanning logic.
- Capability inventory: The skill performs file system read operations across the target project.
- Sanitization: The file content is read and processed via string matching and regular expressions without specific sanitization or escaping of the input data.
Audit Metadata