comment-analyzer
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection. It is designed to ingest and analyze untrusted text from code comments in external source files.
  - Ingestion points: Source files accessed via Read, Grep, and Glob tools as specified in the Analysis Workflow.
  - Boundary markers: None. The instructions lack delimiters or system-level directives to treat code comments as data rather than instructions.
  - Capability inventory: The skill is granted access to the Bash tool, providing a high-privilege execution environment that can be exploited if an injection succeeds.
  - Sanitization: None. Data is read directly into the model's context for evaluation.
- [COMMAND_EXECUTION] (MEDIUM): The skill uses the Bash tool to perform local file system operations and Git history checks. While the intended use (grep, git log) is benign, the presence of an open shell tool combined with the Indirect Prompt Injection surface significantly elevates the risk profile.
Recommendations
- AI detected serious security threats
Audit Metadata