explore
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructions create a surface for indirect prompt injection because the agent is directed to read and synthesize information from potentially untrusted files within a repository.
  - Ingestion points: The workflow involves scanning and reading repository-level knowledge files (e.g., .agents/skills/, AGENTS.md, CLAUDE.md), source code found via search, and sibling files to identify patterns and system flows.
  - Boundary markers: The provided instructions do not include explicit directives for the agent to use delimiters or specific safety warnings to ignore embedded natural language instructions within the files it analyzes.
  - Capability inventory: The skill utilizes file reading and git log commands for investigation. It does not explicitly grant capabilities for network access or persistent file modifications within its own instruction set.
  - Sanitization: No sanitization, validation, or filtering of the ingested file content is performed before the agent processes the data and synthesizes it into conversational output or saved briefs.
Audit Metadata