zulip-cogen
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill transforms Zulip message content into executable artifacts (Python, Julia, Lean4), creating a surface for indirect prompt injection. Ingestion points: External message data from the ct_zulip_messages table in hatchery.duckdb. Boundary markers: Absent; the skill does not use delimiters to isolate message content from the generation logic. Capability inventory: Generation of executable code across multiple languages. Sanitization: No filtering or escaping of message content is performed.
- [Command Execution] (SAFE): SQL queries are performed using parameterized statements with DuckDB, which is a best practice against SQL injection.
Audit Metadata