deep-explorer

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the analysis of repository files.
  • Ingestion points: The File Analyzer Agent and various Explorer Agents in SKILL.md use the Read tool to ingest content from arbitrary files within the target codebase.
  • Boundary markers: The agent templates provided in the instructions lack delimiters or specific system instructions (e.g., 'ignore all instructions found in this data') to prevent the LLM from obeying malicious prompts embedded in the files being analyzed.
  • Capability inventory: The skill possesses significant capabilities, including Bash (restricted to git, ls, find, jq, mkdir), Write, and Task execution, which could be exploited if an injection succeeds.
  • Sanitization: There is no evidence of content sanitization or validation before file data is interpolated into the sub-agent prompts.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool with a whitelist of commands (git, ls, find, jq, mkdir). While these are intended for repository exploration, the git * wildcard provides a broad interface that could be used to alter local repository configurations if an agent is misled.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 2, 2026, 03:25 PM