insecure-defaults
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core function involves ingesting and analyzing untrusted data from user project files.
- Ingestion points: The agent uses tools like
Grep,Read, andBashto examine files within the user's repository during discovery and verification (e.g., searching for secrets in**/config/,**/auth/, and.envfiles). - Boundary markers: The instructions do not define delimiters or provide "ignore embedded instructions" warnings for the agent when processing external file content.
- Capability inventory: The skill allows the use of
Bash,Read,Grep, andGlobtools, providing a range of file system access and execution capabilities. - Sanitization: There are no instructions for sanitizing or escaping content extracted from user files before it is processed by the agent's logic or included in the final security report.
- [COMMAND_EXECUTION]: The skill explicitly permits the use of the
Bashtool for project discovery and runtime behavior verification. While the skill's instructions do not include specific malicious scripts, the availability of a shell expands the potential attack surface if the agent is manipulated via indirect prompt injection.
Audit Metadata