Skills
skills/popup-studio-ai/bkit-claude-code/audit/Gen Agent Trust Hub

audit

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill displays content from audit logs and decision traces, which constitutes a surface for indirect prompt injection.
  • Ingestion points: Data is ingested from logs stored at .bkit/audit/YYYY-MM-DD.jsonl and .bkit/decisions/YYYY-MM-DD.jsonl (SKILL.md).
  • Boundary markers: The skill does not define explicit boundary markers or instructions to ignore embedded instructions when parsing and displaying log content.
  • Capability inventory: The skill has access to Bash, Grep, Read, and Glob tools (SKILL.md).
  • Sanitization: No sanitization, escaping, or validation of the log content is performed before presenting the data to the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 15, 2026, 10:30 AM