deep-audit
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes external code artifacts through specialized auditor agents. 1. Ingestion points: The skill reads file content using the
Read,Glob, andGreptools to populate the{conversation_context}and{scope_description}variables. 2. Boundary markers: The agent templates for the Security, Accessibility, and Code Standards auditors lack explicit delimiters or markers to isolate the audited content from instructions. 3. Capability inventory: The skill has the capability to spawn sub-agents via theTasktool, write reports via theWritetool, and perform limited filesystem operations usingBash. 4. Sanitization: No sanitization or content escaping is implemented before data is passed to the sub-agents. - [EXTERNAL_DOWNLOADS]: The skill documentation provides instructions for users to resolve dependencies by cloning from the author's official GitHub repository at github.com/mikeng-io/agent-skills.
- [COMMAND_EXECUTION]: The skill is granted permission to execute specific Bash commands (
git,ls, andmkdir) to verify the local environment and manage audit output directories.
Audit Metadata