deep-audit
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It is designed to audit external, potentially untrusted repositories and propagate findings between different agent waves. For example, in Wave 4, the 'Zero-Day Hunt' agent receives summaries of findings from the 'Security Audit' agent. Maliciously crafted content within the audited repository could attempt to influence the behavior of the subsequent agents if not properly delimited.
- Ingestion points: Technical stack detection in references/detection-patterns.md and context passing between agents in SKILL.md (Step 4).
- Boundary markers: The skill uses markdown headers to separate context but does not employ robust delimiters or specific instructions to ignore instructions embedded in the audited data.
- Capability inventory: The skill dispatches 'general-purpose' subagents with full tool access and writes detailed findings to the local filesystem.
- Sanitization: There is no explicit sanitization or filtering of the summaries generated from untrusted code before they are passed to other agents.
- [COMMAND_EXECUTION]: The skill includes a bash script in references/detection-patterns.md for tech-stack detection. The agent is instructed to run this script from the repository root. While the script's operations (using git and grep) are transparent and benign, it constitutes the execution of code provided within the skill's reference files.
Audit Metadata