leiloeiro-edital
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. 1. Ingestion points: The skill is designed to analyze external auction notices (editais) provided by users. 2. Boundary markers: The instructions lack explicit delimiters or guidance to isolate untrusted data from the agent's core logic. 3. Capability inventory: The skill metadata references tools with execution capabilities such as claude-code and gemini-cli. 4. Sanitization: No sanitization or validation of the ingested text is implemented before analysis.
- [SAFE]: Metadata and Documentation Inconsistency. The skill metadata and documentation list 'renat' as the author and include absolute Windows file paths (C:\Users\renat...), while the system identifies the author as 'sickn33'. This is identified as a best-practice violation regarding metadata management rather than a security threat.
Audit Metadata