code-quality

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM (REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION]: The self-evaluation patterns described in SKILL.md ingest external tasks and specifications directly into iterative LLM loops without sanitization or boundary markers, creating a surface for indirect prompt injection.
    • Ingestion points: the task and spec variables in the Part 3 code templates (SKILL.md).
    • Boundary markers: absent; the provided templates do not use delimiters or instructions to disregard embedded malicious commands.
    • Capability inventory: the skill patterns include the ability to execute generated code and tests via the run_tests function.
    • Sanitization: no input validation, escaping, or filtering of external content is shown in the implementation examples.
  • [REMOTE_CODE_EXECUTION]: The CodeReflector pattern in SKILL.md promotes a generate-and-execute loop that runs LLM-generated code and tests. Executing content created at runtime is a significant security risk: a compromised generation process (e.g., via prompt injection) could result in the execution of arbitrary, malicious code.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 12:32 AM