security-best-practice
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes and follows instructions derived from untrusted project files and source code.
- Ingestion points: The agent scans project files and source code in Step 1 and Step 3 of the SKILL.md file.
- Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between its own logic and potential instructions embedded within the user's audited code.
- Capability inventory: The skill is authorized to modify the filesystem and execute shell commands to verify changes in Step 5.
- Sanitization: Input data from the user's project is not sanitized or filtered before being processed by the LLM.
- [COMMAND_EXECUTION]: The skill invokes system commands to verify code changes.
- Evidence: Step 5 of the instructions directs the agent to execute test runners, linters, and build tools (e.g., npm test, go build) defined within the user's project environment.
Audit Metadata