deep-audit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): Susceptibility to Indirect Prompt Injection via untrusted data ingestion.
  - Ingestion points: The instructions in Phase 1 (Discovery) and Phase 3 (Deep Analysis) direct the agent to recursively list and read all files, directories, and configuration manifests within an external codebase.
  - Boundary markers: The skill lacks delimiters (e.g., XML tags or markdown blocks) or explicit 'ignore embedded instructions' warnings when processing code, which makes the agent vulnerable to instructions hidden in code comments, strings, or README files.
  - Capability inventory: The agent is tasked with reading files and generating a structured 'Security Audit Report.' While the skill doesn't include exfiltration logic, an indirect injection could attempt to trick the agent into misreporting findings or ignoring malicious code.
  - Sanitization: There are no requirements to sanitize, escape, or validate the content extracted from the external codebase before the agent processes it.
- SAFE (SAFE): No malicious code or patterns detected within the skill's own logic. The skill does not contain obfuscation, hardcoded credentials, unauthorized network calls, or remote code execution patterns. Its methodology for secret scanning and injection analysis follows standard security auditing practices.