security-audit
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to ingest and process untrusted external data (the project codebase) using tools like Read, Glob, and Grep.
- Ingestion points: Source files from projects like 'yourbench' or 'coordinatr' are read into the context of five different security agents.
- Boundary markers: There are no explicit delimiters or system instructions defined to separate the audited code from the agent's operational instructions.
- Capability inventory: The skill possesses Write permissions (to generate reports) and Task permissions (to orchestrate sub-agents), which could be exploited if the agent follows instructions found within the audited files.
- Sanitization: No evidence of sanitization or filtering of the source code content is provided before it is processed by the LLM, allowing potential 'adversarial code' to influence findings or actions.
Recommendations
- AI detected serious security threats
Audit Metadata