detect-dev
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) by design.
  - Ingestion points: The skill ingests untrusted data from the repository being audited, including manifest files (package.json, go.mod), Dockerfiles, and CI/CD pipeline configurations (Steps 2-7).
  - Boundary markers: The skill does not define specific boundary markers or instructions for the agent to ignore embedded commands within the files it reads.
  - Capability inventory: The skill possesses the capability to execute restricted git commands via Bash, Write to the outputs directory, and Edit sensitive configuration files such as jaan-to/config/settings.yaml and the project's tech.md seed file.
  - Sanitization: There is no mention of sanitization, escaping, or validation of the data extracted from the external repository files before it is processed or used to generate outputs.
Audit Metadata