migration-and-doc-consolidation
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is susceptible to indirect prompt injection because it reads untrusted data from repository files and has the capability to execute arbitrary commands based on its analysis of those files.
  - Ingestion points: Uses `Read` and `FileSearch` to ingest content from scripts, documentation, and configuration files within the repository (SKILL.md).
  - Boundary markers: Absent. The instructions do not define clear delimiters or provide instructions to the agent to ignore potentially malicious embedded commands within the files it inventories.
  - Capability inventory: Includes `Bash(*)`, `Read`, and `FileSearch`. The `Bash(*)` tool allows for full repository modification and system interaction (SKILL.md).
  - Sanitization: Absent. There is no specified logic to sanitize or validate file content before the agent interprets it or uses it to generate shell commands.
Audit Metadata