security-threat-model
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill involves analyzing repository content which may contain sensitive data, but it includes explicit safety instructions to mitigate risks. In 'references/prompt-template.md', the agent is instructed to never output secrets and to redact tokens, keys, and passwords if encountered during analysis.
- [PROMPT_INJECTION]: The skill processes untrusted repository data, which serves as a potential surface for indirect prompt injection. This is mitigated by strict structural requirements and role definitions.
  - Ingestion points: Code and configuration files within the user-specified repository path.
  - Boundary markers: The prompt template utilizes Markdown fenced blocks and specific output sections to separate instructions from processed data.
  - Capability inventory: The skill is restricted to reading workspace files and writing a Markdown report to a local file.
  - Sanitization: Findings must be anchored to specific repository paths as evidence, and sensitive information must be redacted before being included in the final report.
- [COMMAND_EXECUTION]: The skill documentation suggests using 'rg' (ripgrep) for searching the codebase. This is a standard, read-only utility used appropriately here for security analysis and does not constitute a risk of arbitrary or destructive command execution.
Audit Metadata