model-recommendation
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it reads and processes the content of user-provided files.
- Ingestion points: Content is read from the file specified in the
${input:filePath}variable. - Boundary markers: The skill does not define specific delimiters or instructions to ignore potential commands embedded within the analyzed files.
- Capability inventory: The agent's capabilities in this context are restricted to generating markdown reports and querying documentation via the trusted
context7tool. - Sanitization: No input sanitization or validation is performed on the ingested content.
- [SAFE]: The skill contains no executable code, hardcoded credentials, or persistence mechanisms. Its operations are limited to analytical logic and information retrieval from official GitHub-managed resources.
Audit Metadata