data-flow
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user input that could contain malicious instructions intended to manipulate the agent's behavior. Ingestion points: The 'description' argument in the '/sd:data-flow' command within SKILL.md. Boundary markers: Absent; there are no delimiters or instructions to treat the user-provided description as untrusted data. Capability inventory: The agent has access to 'Read', 'Glob', 'Grep', and 'Task' tools, which can be exploited if an injection attack succeeds. Sanitization: Absent; no input filtering, validation, or escaping is performed on the user-provided description.
- [NO_CODE]: The skill package does not contain any executable code files or scripts, limiting the attack surface to the agent's interpretation of instructions and tool usage.
Audit Metadata