attributes-collect
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes various files from the codebase (such as README.md and configuration files) which could contain malicious instructions.
  - Ingestion points: The skill uses Read, Glob, and Grep to ingest content from project files like README.md, CLAUDE.md, and CI/CD configurations.
  - Boundary markers: Absent. The instructions do not specify delimiters or warnings to ignore instructions found within the analyzed files.
  - Capability inventory: The agent has access to file reading tools, restricted bash commands (test, wc), and file writing via TodoWrite.
  - Sanitization: No sanitization of the file content is performed before the agent processes the information to generate the JSON report.
Audit Metadata