state-analyzer

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | PROMPT_INJECTION | NO_CODE
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill presents a high vulnerability surface for indirect prompt injection. It is designed to read and analyze external files using 'Read', 'Grep', and 'Glob' tools, and it has the authority to 'Write' and 'Edit' files. This combination allows an attacker to embed malicious instructions within code comments or metadata of the files being analyzed, which the agent might follow to modify the codebase or exfiltrate data.
      * Ingestion points: Uses 'Read', 'Grep', and 'Glob' tools to ingest untrusted local source code as specified in metadata.
      * Boundary markers: Absent; there are no instructions to distinguish between code content to be analyzed and instructions to the agent.
      * Capability inventory: Metadata grants 'Write' and 'Edit' permissions, enabling side effects on the filesystem.
      * Sanitization: Absent; no logic is defined to filter or escape instructions found within processed files.
  • [NO_CODE] (LOW): The skill consists exclusively of markdown documentation and metadata; no executable scripts or dependency files were provided for analysis.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 01:20 PM