unslop
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection risk through external code processing. \n
- Ingestion points: The skill explicitly scans all files in a codebase (Workflow Step 1) and evaluates code content, template comments, and CSS classes (SKILL.md). \n
- Boundary markers: Absent. There are no instructions for the agent to distinguish between legitimate code comments and instructions targeting the agent's behavior. \n
- Capability inventory: The skill directs the agent to perform destructive file modifications, including deleting code paths, variables, and comments (Workflow Step 3). \n
- Sanitization: Absent. The skill relies on 'Heuristics' (e.g., 'Is the comment just paraphrasing code?') which are subjective and easily manipulated by an attacker to trigger unintended deletions or logic changes.
Recommendations
- AI detected serious security threats
Audit Metadata