no-workarounds
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core functionality involves processing untrusted engineering artifacts.\n
- Ingestion points: The agent is instructed to ingest source code, test failure logs, and pull request descriptions (SKILL.md).\n
- Boundary markers: There are no instructions to use XML tags, delimiters, or other techniques to isolate ingested data from the agent's system prompt.\n
- Capability inventory: No executable scripts are included in the skill files, but the skill is designed for agents that typically have file-system and terminal access.\n
- Sanitization: The skill lacks instructions for sanitizing or escaping the content of external inputs before analysis.\n- [NO_CODE]: The skill is composed entirely of markdown instructions and reference files, with no executable code, scripts, or binary assets.
Audit Metadata