Skills
skills/prowler-cloud/prowler/prowler-compliance-review/Gen Agent Trust Hub

prowler-compliance-review

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill is designed to process untrusted compliance JSON data provided in Pull Requests.\n
  • Ingestion points: Compliance JSON files parsed in validate_compliance.py and referenced in SKILL.md shell templates.\n
  • Boundary markers: Absent; the skill does not define clear delimiters or instructions to the agent to disregard instructions embedded within the compliance data.\n
  • Capability inventory: The skill allows the use of Bash, Write, Edit, and WebFetch tools, which could be exploited if an injection is successful.\n
  • Sanitization: The validate_compliance.py script validates JSON structure and check ID existence but does not sanitize text fields (Description, Rationale, etc.) for malicious prompt instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:09 PM