security
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to ingest and analyze untrusted external source code via the [SCOPE] parameter.
- Ingestion points: Codebase content is passed into subagent prompts in Phase 1 and Phase 2.
- Boundary markers: None are defined to separate code from instructions, making the agent vulnerable to instructions hidden within comments or strings in the analyzed code.
- Capability inventory: The agent is authorized to run security tests and audits (e.g., npm audit, pip audit) on the codebase.
- Sanitization: No sanitization or validation of the analyzed content is performed prior to processing.
- Command Execution (MEDIUM): Phase 2 directs the agent to execute security tests and dependency audits on the target codebase. Running automated tests or scripts from an untrusted repository can lead to local code execution on the system running the agent if not properly sandboxed.
Recommendations
- AI detected serious security threats
Audit Metadata