drift-detection

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted documentation and source code to identify 'drift'.
  • Ingestion points: Specification documents (PRD, SDD, PLAN), source code files in the src/ directory, and test files in the tests/ directory (SKILL.md, Step1 and Step2).
  • Boundary markers: The skill lacks explicit boundary markers or instructions to the agent to disregard embedded instructions within the documents being analyzed.
  • Capability inventory: The agent has the capability to execute shell commands (grep, find), read file content, and write updates to the project's README file (SKILL.md, DriftLogging).
  • Sanitization: There is no evidence of content sanitization or validation for the requirements extracted from external documents before they are used to guide the agent's analysis or reporting.
  • [COMMAND_EXECUTION]: The skill relies on executing shell commands to perform architectural and requirement verification. While the provided examples are static, the logic suggests the agent may generate patterns based on specification content.
  • Evidence: The use of grep -r, find, and complex pipes (e.g., grep -r "prisma\.\|db\.\|query(" src/ --include="*.ts" | grep -v Repository) to inspect the file system (reference.md).
  • [CREDENTIALS_UNSAFE]: The skill's detection strategies involve searching for strings associated with authentication and security tokens. If hardcoded credentials exist in the codebase, the skill will likely locate and display them in its report.
  • Evidence: Specific search patterns include access.token, authenticate, and login across the src/ directory (SKILL.md, Strategy1).
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 03:44 AM