audit-drift
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill has an indirect prompt injection attack surface due to the combination of analyzing untrusted external content and possessing file-modification capabilities.
- Ingestion points: The skill instructs the agent to ingest and analyze various external code artifacts such as 'reducers, stores, components, forms, API handlers, jobs, models, or database-backed workflows' (SKILL.md).
- Boundary markers: There are no explicit instructions for the agent to use delimiters or specific ignore-rules when processing the content of these files, which could lead to the agent following malicious instructions embedded in the source code.
- Capability inventory: The skill grants the agent the authority to 'Auto-fix' code, which involves writing changes to the local file system (SKILL.md).
- Sanitization: The instructions do not define any sanitization, validation, or escaping processes for the external data being analyzed.
Audit Metadata