contexts

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection. It is designed to read and summarize content from various files within a project repository, which could be exploited if an attacker places malicious instructions inside code comments or documentation.
  • Ingestion points: Content is ingested from project files using tools like rg, fd, bat, and ast-grep (referenced in SKILL.md).
  • Boundary markers: Absent; the instructions do not provide delimiters or specific guidance for the agent to distinguish between file data and potential instructions embedded within that data.
  • Capability inventory: The skill possesses the ability to execute shell commands via bash for read-only operations.
  • Sanitization: Absent; there are no specified mechanisms for filtering or validating the ingested file content to prevent instruction execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 5, 2026, 05:14 PM