naming-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and analyze untrusted source code. Without explicit boundary markers or sanitization instructions, it is susceptible to malicious instructions embedded in code comments or identifiers. \n
- Ingestion points: Target source files, directory structures, and identifier names provided for analysis (SKILL.md). \n
- Boundary markers: Absent. There are no instructions to the agent to distinguish between the code being analyzed and potential instructions embedded within that code. \n
- Capability inventory: Generation of textual analysis reports and refactoring scripts. \n
- Sanitization: Absent. The skill processes input text directly to extract and evaluate naming patterns. \n- [No Code] (SAFE): The skill consists entirely of markdown instruction files and documentation (README.md, SKILL.md). It does not distribute scripts, binaries, or configuration files that would execute on the host system.
Audit Metadata