graphicode-junior-engineer-ts-algorithm
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to suppress its standard explanatory output after completing its task, which reduces transparency and oversight.
- [COMMAND_EXECUTION]: The agent uses shell commands to read and write files within the project directory. This capability allows the agent to modify the local file system.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes data from external files to generate code without sufficient sanitization.
  - Ingestion points: The agent reads content from algorithm README files located in user-provided directories using the cat command.
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to treat external file content as untrusted data rather than instructions.
  - Capability inventory: The agent has the ability to write generated code back to the file system using the echo command.
  - Sanitization: There is no mechanism to validate or sanitize the instructions contained within the external README files before they are used to influence the generated code.
Audit Metadata