zread-expert
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted data from GitHub repositories, which could contain malicious instructions designed to influence the agent's summary or architectural advice.
  - Ingestion points: Use of zread:search and zread:read to ingest file contents, Issues, and PR data.
  - Boundary markers: No delimiters or instructions to ignore embedded directives are present in the workflow.
  - Capability inventory: The skill is limited to zread:* tools for analysis and text output; it lacks dangerous capabilities such as filesystem writes, network exfiltration, or code execution.
  - Sanitization: No evidence of sanitization or validation of the retrieved repository content is present.
Audit Metadata