security-threat-model
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted data from the repository being modeled to generate its analysis.
  - Ingestion points: Primary components, data stores, and source code extracted from the repository root or in-scope paths (SKILL.md).
  - Boundary markers: Absent; the instructions do not define clear delimiters or use 'ignore embedded instructions' patterns when processing the repository content.
  - Capability inventory: The skill possesses the capability to write a Markdown file to the local file system (SKILL.md Step 8).
  - Sanitization: There is no evidence of sanitization, escaping, or validation of the ingested repository content before it is processed by the model.
Audit Metadata