defender
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by design as it ingests untrusted data to be analyzed by an AI subagent.
- Ingestion points: The skill accepts pentesting findings via the $ARGUMENTS variable and is instructed to review scan results from the local project directory.
- Boundary markers: No delimiters, XML tags, or specific instructions are provided to help the subagent distinguish between its core instructions and the potentially adversarial content within the findings.
- Capability inventory: The skill specifies the subagent should review available scan results, which involves file system read access to the project workspace.
- Sanitization: There is no sanitization, escaping, or validation of the input data before it is handed off to the defender agent.
Audit Metadata