review
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted code provided via the $ARGUMENTS variable without sufficient isolation markers.
- Ingestion points: Untrusted data enters the agent context through the $ARGUMENTS variable in SKILL.md.
- Boundary markers: The prompt lacks explicit delimiters or instructions to treat the ingested content as data only, which could allow embedded instructions to override the agent's behavior.
- Capability inventory: No dangerous capabilities such as network access, file system modifications, or subprocess execution were identified.
- Sanitization: There is no evidence of input sanitization or filtering to mitigate malicious content in the input code.
Audit Metadata