agent-health-monitor

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it is designed to ingest and interpret external, untrusted data to generate health reports.
      • Ingestion points: Source code, project documentation, and test logs accessed through the Read, Grep, and Bash tools.
      • Boundary markers: There are no specific delimiters or instructions provided to the agent to disregard embedded commands in the files being analyzed.
      • Capability inventory: The agent has significant capabilities including command execution via Bash, file system traversal (LS, Glob), and external information gathering via brave_web_search.
      • Sanitization: No input validation or escaping logic is implemented to sanitize data before it is processed.
  • [COMMAND_EXECUTION]: The skill methodology utilizes the Bash tool to automatically run tests, security scans, and benchmarks as part of its primary monitoring function.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 01:13 AM