security-best-practices
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection due to its core functionality of reading and interpreting untrusted code files.
- Ingestion points: The
SKILL.mdworkflow instructs the agent to 'inspect the repo' and 'identify ALL languages and ALL frameworks' by reading the project's source files. - Boundary markers: There are no instructions to the agent to distinguish between the code data and potential instructions embedded in comments or strings within the files it reviews.
- Capability inventory: The skill can write a security report (
security_best_practices_report.md) and is authorized to 'perform fixes' on the codebase, which could allow a malicious file to trigger unauthorized code changes. - Sanitization: No input validation or sanitization is required for the file content being analyzed.
- [PROMPT_INJECTION]: The 'Overrides' section in
SKILL.mdinstructs the agent to 'bypass or override these practices' if the user asks and tells the agent to 'not fight with them.' This essentially allows a direct prompt to override the primary security-focused purpose of the skill.
Audit Metadata