security-review
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its primary function involves analyzing untrusted user-provided code files using the Read, Grep, and Glob tools. Since the skill also has access to the Bash and Task tools, malicious instructions embedded within the comments or strings of the code being audited could potentially manipulate the agent's behavior.
  - Ingestion points: Tools Read, Grep, and Glob allow reading of arbitrary user content.
  - Boundary markers: No specific input boundary markers or delimiters are defined to separate code from instructions.
  - Capability inventory: Tools Bash and Task provide execution capabilities that could be abused if the agent is misled by injected instructions.
  - Sanitization: The instructions lack explicit sanitization or filtering logic for processed code content.
- [PROMPT_INJECTION]: The skill metadata identifies 'Sentry' as the author and sentry.io as the homepage, while the authoring context for the skill is 'skillatlas'. This discrepancy in attribution is misleading and could lead to incorrect assumptions about the official origin and verification of the skill's logic.
Audit Metadata