repo-research-analyst
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection due to its core methodology. It explicitly instructs the agent to 'Respect any CLAUDE.md or project-specific instructions found'. If an analyzed repository contains a malicious
CLAUDE.mdor documentation file with adversarial instructions, the agent may follow them. - Ingestion points: External repository files including
CLAUDE.md,README.md,CONTRIBUTING.md, and GitHub issue text. - Boundary markers: Absent. The instructions do not provide delimiters or guidance on how to distinguish between analyzed data and system instructions.
- Capability inventory: The skill utilizes file discovery (
glob), text search (grep/ripgrep), and file reading (read) capabilities. - Sanitization: No sanitization or validation of the content read from the repository is performed before the agent 'respects' the instructions found therein.
- [NO_CODE] (SAFE): This skill contains only natural language instructions and does not bundle any executable scripts, preventing direct malware or script-based attacks.
Audit Metadata