feature
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Potential for Indirect Prompt Injection.
- Ingestion points: The skill instructions direct the agent to read local project files such as README.md, CLAUDE.md, package.json, and source code files to understand the codebase.
- Boundary markers: There are no specific delimiters or protective instructions provided to ensure the agent ignores potentially malicious instructions embedded within these external files.
- Capability inventory: The skill has access to powerful tools including Bash, Write, and Read.
- Sanitization: The content retrieved from local files is processed directly by the reasoning model without validation or sanitization, creating a surface where an attacker could influence agent behavior via content in the repository.
Audit Metadata