pattern-detection
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill is designed to ingest and analyze untrusted external content (source code files) via tools like Grep and Read. This creates a surface where an attacker can embed malicious instructions in code comments to manipulate the agent's analysis report.
- Ingestion points: Steps 1-3 use shell commands to read all files (**/*).
- Boundary markers: Absent. The instructions do not define delimiters for untrusted content.
- Capability inventory: The skill generates a structured 'Pattern Detection Report' and categorizes findings.
- Sanitization: Absent. The skill does not escape or filter external code content before processing.
- [Metadata Poisoning] (MEDIUM): The skill metadata claims to perform 'AST analysis', yet the provided instructions and implementation logic rely solely on line-based regex (grep) and standard Python string/regex operations. This discrepancy is misleading regarding the skill's actual security depth.
- [Data Exposure] (LOW): The skill's intended purpose is to identify sensitive data like AWS keys and passwords (Step 2). While this is a security feature, it increases the risk of sensitive data exposure if the agent's output is directed to insecure channels or logs.
Audit Metadata