caching-cdn-strategy-planner
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill provides code templates that process untrusted input (e.g., req.params.id). While these are instructional examples, they lack input validation/sanitization which could lead to injection vulnerabilities if implemented directly.
  1. Ingestion points: req.params.id and req.body are used in code examples in SKILL.md.
  2. Boundary markers: No explicit delimiters or boundary markers are defined in the templates.
  3. Capability inventory: The code examples demonstrate interactions with Redis (ioredis), CloudFront (createInvalidation), and Database (Prisma).
  4. Sanitization: No sanitization or validation logic is present in the templates.
- [Data Exposure] (INFO): The provided code templates correctly utilize environment variables for configuration instead of hardcoding sensitive credentials.
Audit Metadata