check-landing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill uses bash commands (
grep,test,echo) to audit local project files. These operations are restricted to read-only file inspection and do not involve executing downloaded or untrusted scripts.\n- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection because it ingests and processes content from local files (e.g.,app/page.tsx,components/) that could be modified by an attacker to include hidden instructions.\n - Ingestion points: Files in
app/,components/, andpages/viagrepoutput.\n - Boundary markers: Absent; there are no delimiters to separate code content from instructions.\n
- Capability inventory: File system read access via
grep.\n - Sanitization: Absent; the content is passed to the agent without escaping or filtering.
Audit Metadata