check-product-standards
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data by searching project source code files using ripgrep. 1. Ingestion points: Project files (.tsx, .jsx, .ts) are searched via the
rgcommand as defined in the Audit Process. 2. Boundary markers: No delimiters or 'ignore embedded instructions' warnings are present when processing file content. 3. Capability inventory: The skill usesrgfor read-only searching and suggests human-driven issue creation based on results. 4. Sanitization: None. Malicious instructions embedded in source code comments could theoretically influence the agent's audit report or reasoning. - [Prompt Injection] (SAFE): No instructions were found that attempt to override system safety or agent behavior.
- [Data Exposure & Exfiltration] (SAFE): No sensitive file paths or unauthorized network operations were detected.
- [Obfuscation] (SAFE): No encoded or hidden content was identified.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill does not download or execute external packages or remote scripts.
Audit Metadata