source-code-analysis

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process untrusted external data in the form of project source code and configuration files.
    • Ingestion points: The agent reads multiple file types including metadata (package.json, Cargo.toml), documentation (README.md), and source code files across all seven phases of its workflow.
    • Boundary markers: The instructions do not specify any delimiters or safety guardrails to differentiate between code being analyzed and instructions that might be embedded within that code (e.g., in comments or string literals).
    • Capability inventory: The skill utilizes file system read capabilities and interacts with other skills like 'note-writer' to generate persistent documentation, which could be exploited if an attacker-controlled codebase triggers unintended behavior.
    • Sanitization: There is no evidence of content sanitization or validation of the files being read to prevent the agent from executing instructions found within the data.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Feb 28, 2026, 08:22 PM