playstore-submission-content
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection by processing untrusted data from project files without boundary markers or content sanitization.
  - Ingestion points: Extracts information from build.gradle, AndroidManifest.xml, README.md, and source code comments.
  - Boundary markers: Does not specify delimiters or instructions to isolate external content from the prompt's instructions.
  - Capability inventory: Performs file-system read operations to gather app metadata and configuration.
  - Sanitization: No validation or filtering is applied to the data retrieved from the codebase before processing.
Audit Metadata