audit
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from local files and git diffs to perform security audits. This creates a surface for indirect prompt injection where malicious instructions embedded in code or comments could subvert the audit process.
  * Ingestion points: Files and directories specified in SKILL.md via directory scanning and git diff commands.
  * Boundary markers: Absent; the prompt templates interpolate code directly without delimiters or 'ignore instructions' warnings.
  * Capability inventory: Relies on the Task tool and delegation to an LLM-based auditor agent.
  * Sanitization: No evidence of escaping or sanitizing the ingested source code before it is sent to the LLM context.
- No Code (SAFE): No external scripts or executable files are provided with the skill, which limits the attack surface to the logic within the prompt instructions themselves.
Audit Metadata