repo-grounding
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection as it is designed to ingest and process arbitrary repository data.
  - Ingestion points: Reads repository files, configuration files, and CI/CD scripts via ReadFileSearch.
  - Boundary markers: Absent; the instructions do not specify the use of delimiters or 'ignore' instructions for the ingested content.
  - Capability inventory: Authorized to use ReadFileSearch(*) tools.
  - Sanitization: Absent; the skill does not suggest any validation or filtering of the file content before the agent reasons over it.
- [DATA_EXFILTRATION] (SAFE): While the skill accesses potentially sensitive configuration files, it lacks any network-enabled tools or commands (like curl or fetch) to move that data off-system.
- [NO_CODE] (SAFE): This skill is entirely instructional (markdown) and does not ship with any executable scripts or third-party dependencies.