shinka-inspect
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The logic correctly implements the stated purpose of program inspection and reporting.
- [PROMPT_INJECTION]: The skill processes untrusted data (code snippets and feedback) from a database and prepares it for agent context, creating a surface for indirect prompt injection. 1. Ingestion points: Database read in
scripts/inspect_best_programs.py. 2. Boundary markers: Uses markdown code blocks. 3. Capability inventory: File-system read/write. 4. Sanitization: Truncation is applied to code blocks, but no content filtering is performed. - [COMMAND_EXECUTION]: The code utilizes standard file operations and the
pandaslibrary for data analysis. No high-risk command execution patterns were found.
Audit Metadata