snyk-agent-scan-compliance
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides comprehensive guidance on remediating security alerts (W001, W011, W012) by restructuring skill content. These practices—such as version pinning, moving installs to frontmatter, and removing explicit tool names from prose—are defensive measures aligned with security best practices for AI agents.
- [PROMPT_INJECTION]: The skill's primary function involves analyzing and modifying third-party skill files, which establishes an indirect prompt injection surface. A malicious skill file could attempt to influence the agent's behavior during the compliance review process.
- Ingestion points: The skill processes all files within a target skill directory, including
SKILL.md,references/, andassets/. - Boundary markers: No explicit boundary markers or 'ignore' instructions are provided for the content being analyzed.
- Capability inventory: The skill is granted significant permissions, including
Read,Edit,Write, andBash(scoped togit,uv, anduvx). - Sanitization: No specific input validation or sanitization routines are mentioned for the ingested skill content.
Audit Metadata