ln-601-semantic-content-auditor
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL | PROMPT_INJECTION | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it ingests and processes the content of untrusted project documents.
  - Ingestion points: Project documents loaded via the doc_path variable (e.g., architecture.md, api_spec.md).
  - Boundary markers: The skill looks for a specific SCOPE comment but does not employ delimiters or 'ignore' instructions for the rest of the document body.
  - Capability inventory: Access to Bash, Read, Grep, and Glob tools with broad filesystem visibility.
  - Sanitization: None; document content is processed directly to generate scores and findings.
- COMMAND_EXECUTION (LOW): During the verification of runbook.md, the instructions tell the agent to 'test command syntax'. This creates a risk where the agent might execute arbitrary shell commands provided within an audited document, potentially leading to unauthorized system actions if the document is compromised.
- EXTERNAL_DOWNLOADS (SAFE): The diagram.html file includes a script tag pointing to cdn.jsdelivr.net for the Mermaid library. While this is an external dependency from a non-whitelisted source, it is a standard library used solely for visual representation of the workflow and does not impact the agent's core execution environment.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata