agent-native-audit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill has a significant attack surface for indirect prompt injection because its primary function is to ingest and process untrusted codebase content.
- Ingestion points: Step 2 in
SKILL.mduses sub-agents to search and read all files, including API calls, tool definitions, and agent prompts. - Boundary markers: The instructions lack delimiters or constraints to prevent sub-agents from executing instructions found within the processed files.
- Capability inventory: The sub-agents utilize the
Task toolwithsubagent_type: Explore, providing broad file-level read access. - Sanitization: No sanitization or safety-filtering is applied to the content being audited.
- [Unverifiable Dependencies] (LOW): The skill workflow depends on an external skill,
/compound-engineering:agent-native-architecture, which is not from a trusted source or organization.
Audit Metadata