auditing-access-control
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection surface detected due to the processing of external, untrusted configuration data.
- Ingestion points: Scripts
scripts/policy_parser.py,scripts/report_generator.py, andscripts/access_control_audit.pyread and parse IAM policies and ACL files provided by the user. - Boundary markers: Absent. The skill instructions do not define delimiters or provide specific instructions to the agent to ignore potential instructions embedded within the configuration files being audited.
- Capability inventory: The skill has significant capabilities, including file system access (Read, Write, Edit) and shell execution via
Bash(security:*),Bash(scan:*), andBash(audit:*). - Sanitization: Absent. The provided scripts perform basic JSON loading and file property analysis but do not include logic to sanitize or validate the content against malicious instructional prompts.
Audit Metadata