project-feature-explainer
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, NO_CODE)
Full Analysis
- PROMPT_INJECTION (MEDIUM): The skill is highly susceptible to Indirect Prompt Injection (Category 8) because its primary function is to ingest and analyze external, untrusted project code.
  - Ingestion points: Arbitrary source code files, API definitions, and the mandatory files in the references/ directory.
  - Boundary markers: None. There are no instructions to use delimiters or to disregard natural language instructions found within the project files being analyzed.
  - Capability inventory: Reading file system contents and generating detailed technical summaries and workflows.
  - Sanitization: None detected. The agent is encouraged to 'Trace Dependencies' and 'Analyze Data Flow', which involves deep parsing of potentially malicious content.
- NO_CODE (INFO): No executable scripts (Python, JavaScript, etc.) were found in the skill. The logic is entirely instruction-based, which reduces the risk of direct remote code execution but increases reliance on the model's adherence to safety guidelines when handling the prompt injection surface mentioned above.