memoization-helper
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to analyze external source code and has the authority to edit files, creating a significant attack surface for indirect prompt injection.\n- Ingestion points: Source code content is ingested via the Read, Grep, and Glob tools as specified in the allowed-tools metadata.\n- Boundary markers: Absent. The instructions do not define any delimiters or system-level directives to ignore instructions embedded within the code being analyzed.\n- Capability inventory: The Write and Edit tools allow the agent to perform permanent side effects on the filesystem based on decisions influenced by potentially malicious data.\n- Sanitization: Absent. No validation, escaping, or filtering of the input code is defined to prevent instructions from being interpreted as agent commands.
Recommendations
- AI detected serious security threats
Audit Metadata