skill-auditor

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill creates an attack surface by reading untrusted data from repository files and a user-provided configuration file, then interpolating that content into generated AI instructions.
      • Ingestion points: Reads project metadata from files such as package.json, requirements.txt, .gitlab-ci.yml, and a custom .skill-auditor.config.json file.
      • Boundary markers: The instructions neither specify boundary markers nor direct the agent to ignore potentially malicious content inside the project files during the audit process.
      • Capability inventory: The skill performs file system write operations to create a new SKILL.md file in the .kiro/skills/ directory.
      • Sanitization: No validation or sanitization of the strings extracted from the project files is described before they are included in the final skill file.
  • [DATA_EXPOSURE]: The skill accesses project configuration and infrastructure files, such as CI/CD workflows and container definitions. While these files are sensitive, accessing them is consistent with the skill's primary purpose of analyzing project architecture. No external transmission of this data was identified.
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 03:25 AM