project-detection
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via project metadata analysis.
  - Ingestion points: The scripts/detect.sh script ingests data from local project files, including package.json, pyproject.toml, and various monorepo configuration files.
  - Boundary markers: The skill does not implement delimiters or safety instructions to distinguish the agent's logic from the data extracted from the untrusted files.
  - Capability inventory: The skill provides an inventory of shell commands (install, test, build) designed for agent execution, and the scripts use jq and grep to process project data.
  - Sanitization: While jq ensures the output is valid JSON, the script fails to sanitize extracted strings (such as workspace names) for shell-safe characters before they are interpolated into the suggested command templates.
  - Risk factor: A malicious actor could provide a repository with crafted metadata that causes the skill to generate command strings containing shell injections.
Audit Metadata