aep
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its design, which involves reading and interpreting untrusted data from a codebase.
- Ingestion points: Phase 2 (Explore) instructs the agent to use `Glob`, `Grep`, and `Read` tools to investigate external files within the project codebase.
- Boundary markers: The instructions do not define delimiters or provide warnings to the agent to disregard instructions found within the files it analyzes.
- Capability inventory: The skill leverages standard file system tools and interacts with local environment configurations.
- Sanitization: No mechanisms for escaping or validating the content of the ingested code are present, allowing potential malicious instructions in a repository to influence the agent's behavior.
- [COMMAND_EXECUTION]: The exploration phase utilizes the `git log` command to extract context regarding recent changes in the repository. This is an expected and standard behavior for development-focused skills.