multi-llm-advisor

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection where malicious instructions embedded in the analyzed code could influence the downstream LLM responses.
      • Ingestion points: User-provided content is interpolated into templates via {context}, {code}, {error}, and {question} in SKILL.md.
      • Boundary markers: Absent. The prompt templates do not utilize delimiters (like XML tags or triple quotes) or system instructions to ignore commands within the injected data.
      • Capability inventory: The skill possesses the capability to perform network requests to external API endpoints.
      • Sanitization: Absent. There is no evidence of escaping or filtering logic for the interpolated data.
  • [DATA_EXFILTRATION] (LOW): The skill transmits sensitive project information, including file lists and source code, to non-whitelisted external domains (OpenAI and Google).
      • Evidence: The SKILL.md file documentation explicitly states the transmission of code and context to Codex and Gemini APIs.
      • Mitigation: While this is the intended primary purpose of the 'Multi-LLM Advisor', it constitutes a data exposure risk that should be monitored for sensitive projects.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:20 PM