detect-project

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE (flagged category: PROMPT_INJECTION)
Full Analysis
  • [SAFE]: The skill utilizes the GitHub MCP server to inspect remote repository contents through API calls rather than performing local clones of untrusted code, significantly reducing the risk of accidental execution of malicious scripts.
  • [SAFE]: All recommended builder images are sourced from the trusted registry.access.redhat.com domain, which is an official Red Hat service.
  • [PROMPT_INJECTION]: The skill ingests untrusted metadata from project configuration files (such as package.json and pom.xml), which is an indirect prompt injection surface. Evidence:
    1. Ingestion points: remote file content read via github-mcp-server (SKILL.md).
    2. Boundary markers: absent during the automated file analysis phase.
    3. Capability inventory: populates variables such as LANGUAGE and VERSION that are consumed by downstream build skills (SKILL.md).
    4. Sanitization: mitigated through a mandatory human-in-the-loop verification step in which the user must approve the detected parameters before they are used.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 04:04 PM