agentic-layer-audit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests data from external codebase directories (e.g., .claude/commands/, specs/, adws/) which constitutes an indirect prompt injection surface. While it does not execute the code it finds, the agent's report could be influenced by malicious instructions embedded in the audited files.
- Ingestion points: Read/Grep operations on project directories and markdown templates.
- Boundary markers: None identified in the prompt instructions to distinguish data from instructions.
- Capability inventory: Restricted to read-only tools (Read, Grep, Glob). No write, network, or execution capabilities are requested.
- Sanitization: No explicit sanitization or instruction-ignoring delimiters are used for the processed content.
- Data Exposure & Exfiltration (SAFE): The skill targets internal project directories related to automation workflows. It does not attempt to access known sensitive system paths like SSH keys or cloud provider credentials.
- Command Execution (SAFE): The skill only uses file-system discovery tools (Grep, Glob, Read). It does not request shell execution or subprocess spawning.
Audit Metadata