infrahub-repo-auditor
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from the repository being audited, creating an indirect prompt injection surface. Malicious instructions placed in repository files (such as YAML comments or Python strings) could attempt to influence the agent's audit logic or report output.
- Ingestion points: The skill reads .infrahub.yml, schema files (YAML), object data files (YAML), Python scripts for checks/generators/transforms, GraphQL queries (.gql), and Jinja2 templates (.j2) as described in audit-procedure.md and the rules/ directory.
- Boundary markers: The skill does not define specific delimiters or explicit instructions to treat repository content as untrusted data separate from the agent's internal logic.
- Capability inventory: The skill is designed to read local files, execute domain-specific CLI tools like infrahubctl (implied in Phase 2.9), and write a markdown report (AUDIT_REPORT.md). No network access or sensitive data exfiltration behaviors were identified.
- Sanitization: No explicit sanitization or validation of the repository content is performed before the agent processes it or includes it in the final report output.
Audit Metadata