runbook-generator
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE PROMPT_INJECTION DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to read and process untrusted data from a project's codebase, such as README files, configuration manifests, and code comments. An attacker could place malicious instructions within these files to manipulate the agent's actions.
  - Ingestion points: Broadly scans the project using Read, Glob, and Grep tools (SKILL.md).
  - Boundary markers: There are no instructions or delimiters defined to distinguish between data and instructions during the file analysis phase.
  - Capability inventory: The skill is configured with powerful capabilities including Bash and Write tools, which increases the potential impact of a successful prompt injection attack (SKILL.md).
  - Sanitization: The skill does not implement any validation or sanitization for the content it reads from the codebase.
- [DATA_EXFILTRATION]: The skill performs automated discovery of sensitive system architecture and security configurations.
  - It is explicitly instructed to search for patterns related to secrets management, such as 'secret', 'vault', 'ssm', and 'kms' (SKILL.md).
  - It analyzes infrastructure-as-code, environment variable templates, and deployment scripts which contain detailed operational metadata (SKILL.md).
Audit Metadata