sast-ssrf
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for Indirect Prompt Injection (Category 8) because it instructs the agent to ingest and analyze untrusted source code from a repository. Adversarial content embedded in comments or strings within the audited project could attempt to influence the agent's analysis results or report generation. Evidence Chain: 1. Ingestion points: Project source code and 'sast/architecture.md'. 2. Boundary markers: Absent (the subagent instructions do not include specific delimiters or warnings to ignore embedded commands). 3. Capability inventory: The agent is tasked with file-system searching and writing markdown reports ('sast/ssrf-results.md'). 4. Sanitization: Absent (the skill processes raw code content directly without sanitization).
Audit Metadata