agent-detector
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill employs authoritative instructions in its metadata description ("CRITICAL: MUST run for EVERY message. Always runs FIRST.") and sets priority to "highest" to influence the agent's execution flow and override standard selection behavior.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through its automated project detection logic:
  - Ingestion points: The skill attempts to read and parse several repository configuration files, including 'package.json', 'composer.json', 'go.mod', and '.claude/project-contexts/'.
  - Boundary markers: There are no defined delimiters or instructions to ignore embedded prompts within the project files being analyzed.
  - Capability inventory: The skill can spawn new tasks using the 'Task' tool and has the authority to select specific AI models, including 'opus', for subsequent phases.
  - Sanitization: The analysis process does not include explicit validation or sanitization of the content found within the scanned project files, allowing potentially malicious instructions in a 'package.json' or 'README.md' to influence the routing or model selection logic.
Audit Metadata