security-audit

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill requires the agent to ingest and analyze untrusted data, such as application source code, configuration files, and environment variables. This creates an indirect prompt injection vulnerability surface where malicious instructions hidden in the audited files could influence agent behavior.
    • Ingestion points: External source code (/app), infrastructure-as-code templates, and environment variables.
    • Boundary markers: Absent. There are no instructions to use delimiters or ignore embedded instructions within the processed data.
    • Capability inventory: The workflow involves reading local files, environment variables, and executing external scanning tools like Prowler or OWASP ZAP.
    • Sanitization: Absent. The skill does not define methods for sanitizing or escaping content before the agent processes it.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 19, 2026, 01:39 AM