code-exploration
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill is designed to ingest and process data from external repositories and documentation that the agent does not control.
- Ingestion points: the code_search, read_document, and search tools retrieve content from internal repositories and design specifications.
- Boundary markers: Absent. The instructions do not provide delimiters or "ignore embedded instructions" warnings for the agent when processing retrieved content.
- Capability inventory: The agent can search repositories, read full file contents, and search employee directories.
- Sanitization: Absent. There is no mention of escaping or filtering content retrieved from the search tools before the agent processes it.
- Data Exposure (LOW): The skill provides an interface to access sensitive organizational data, including source code, architectural specs, and employee information. While this is the tool's intended purpose, it increases the risk that an agent could inadvertently expose confidential information if it is later asked to summarize or transmit its findings to an external or lower-privilege context.
Audit Metadata