NYC

security-audit-example

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface.
  • Ingestion points: The skill uses read_file and grep_search tools to ingest untrusted data (source code) into the agent context for auditing.
  • Boundary markers: Absent. The instructions do not define delimiters or warnings to prevent the agent from following instructions embedded within the files being audited.
  • Capability inventory: The skill is limited to read_file, grep_search, and list_directory. It lacks high-risk capabilities such as network access or shell execution, which significantly limits the potential impact of a prompt injection attack.
  • Sanitization: Absent. There is no mention of sanitizing or escaping the content of files before they are processed by the LLM.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:21 PM