detect-product
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted data from an external repository and uses findings to update the agent's context files and plugin configuration.
  - Ingestion points: The skill performs extensive scanning of the target repository (repo_path) using Glob and Grep tools across Phase 1 (Steps 1-5).
  - Boundary markers: No explicit delimiters or 'ignore embedded instructions' markers are specified for the content extracted from the code files.
  - Capability inventory: The skill is granted 'Edit' permissions on 'jaan-to/config/settings.yaml' and '$JAAN_CONTEXT_DIR/', as well as 'Write' access to '$JAAN_OUTPUTS_DIR/'.
  - Sanitization: The skill relies on a 'Seed Reconciliation' step (Step 7a) which presents discrepancies to the user and requires explicit approval ('[y/n]') before performing auto-updates to context files.
- [COMMAND_EXECUTION]: The skill uses the Bash tool in Step 0 to identify platform structures within the repository. While this is a standard operational task for repo analysis, it involves executing shell commands to process directory listings and detect monorepo markers.