query-analyzer
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill identifies a significant attack surface where untrusted data (React components/code) is processed and acted upon.
- Ingestion points: The skill uses
Read,Grep, andGlobtools to ingest existing codebase content (SKILL.md). - Boundary markers: No explicit instructions are provided to the agent to ignore or delimit instructions found within the code being analyzed.
- Capability inventory: The skill is granted
WriteandEditpermissions, allowing it to modify the filesystem based on its analysis. - Sanitization: There is no evidence of sanitization or validation of the content being read before it influences the agent's output or actions. A malicious actor could embed instructions in code comments to manipulate the agent into performing unauthorized file modifications.
Recommendations
- AI detected serious security threats
Audit Metadata