prowler-provider
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill demonstrates an indirect prompt injection surface through the use of unvalidated template variables in command-line examples and code templates.
  - Ingestion points: Variables such as {provider}, {service}, and {Resource} in SKILL.md and Python templates.
  - Boundary markers: Absent; there are no specific markers or instructions to treat these variables as untrusted data.
  - Capability inventory: The skill utilizes Bash, Write, and Edit tools, which could be misused if malicious input is interpolated into commands or file paths.
  - Sanitization: None; the templates do not include logic for sanitizing or validating the contents of the placeholders.
- SAFE (SAFE): No instances of obfuscation, hardcoded secrets, or malicious remote code execution were found in the provided templates or documentation.
Audit Metadata