deepproduct
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill reads various local project files (README, package.json, source code) which are untrusted data sources. This data is then summarized and presented to the user.
- Ingestion points: Local files like README.md, package.json, route definitions, and UI component files.
- Boundary markers: The skill uses markdown headers and list structures to separate sections but does not explicitly use delimiters or instructions to ignore embedded commands in the processed data.
- Capability inventory: The agent reads local files and interacts with the user via text output and the AskUserQuestion tool. No network access or subprocess execution capabilities were identified.
- Sanitization: No explicit sanitization, validation, or filtering of the content read from project files is performed before it is included in the output profile and prompt template.
Audit Metadata