deep-read
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because its core function is to systematically read and reason about untrusted source code from a repository. This could allow malicious instructions embedded in source code files to influence the agent's reasoning process.
- [PROMPT_INJECTION]: Evidence Chain:
  - Ingestion points: The agent reads codebase files including source code, configuration files (e.g., package.json, requirements.txt), and environment schemas during the scoping and deep-reading phases.
  - Boundary markers: The protocol does not define specific delimiters or defensive prompts to distinguish between data and instructions within the processed files.
  - Capability inventory: The skill is limited to information gathering and reasoning tools (Glob, Grep, Read, AskUserQuestion, and sequential-thinking). It does not have access to shell execution, file-system modification, or network-enabled tools.
  - Sanitization: No sanitization or escaping mechanisms are implemented for handling the content of the files being read.