reverse-engineering

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8).
    1. Ingestion points: Instructions in SKILL.md and references/guide.md direct the agent to process untrusted external data, including READMEs, Wiki pages, Issue trackers, and Pull Request descriptions.
    2. Boundary markers: No delimiters or instructions are provided to separate data from commands.
    3. Capability inventory: The agent typically maintains read and execute permissions to analyze repositories; a malicious actor could exploit this to trigger unauthorized actions.
    4. Sanitization: No sanitization is performed on analyzed content.
  • CREDENTIALS_UNSAFE (MEDIUM): The references/guide.md file explicitly instructs the agent to check environment variables and configuration settings. This increases the risk of the agent accessing and potentially exposing sensitive secrets found within the target repository.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 04:37 AM