taste-check
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process untrusted data (code snippets, file contents, or git diffs), which could contain hidden malicious instructions.
- Ingestion points: The skill explicitly instructs the agent to use 'Read' or 'Bash' tools to obtain code from the local environment or user input.
- Boundary markers: There are no defined delimiters or instructions (e.g., 'treat the following as data only') to prevent the agent from executing instructions embedded in code comments.
- Capability inventory: The agent uses filesystem read and shell execution (Bash) capabilities to retrieve data, making it a target for exploits that seek to read sensitive files via path traversal or command injection if the user input is not validated.
- Sanitization: No sanitization logic is present to filter or escape the code content before it is processed by the LLM.