code-review
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its primary function is to ingest and analyze external code files that may contain hidden instructions.
- Ingestion points: File contents are read using the
file_readtool in Phase 1 of the review process. - Boundary markers: The skill instructions do not specify any delimiters or safety warnings to prevent the model from following instructions embedded within the analyzed code.
- Capability inventory: The skill possesses the
bashtool, which can execute system commands, and thefile_readtool for accessing the local file system. - Sanitization: There is no process for sanitizing or escaping the content of the files before they are processed by the agent.
Audit Metadata