software-clean-code-standard
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill includes a 'Trend Awareness Protocol' that requires the agent to ingest and act upon information from external web searches (e.g., 'clean code best practices 2026') triggered by user input. This creates an indirect prompt injection surface where untrusted data from the web could contain malicious instructions designed to influence the agent.
- Ingestion points: External web search results and remote content referenced in
data/sources.json. - Boundary markers: There are no instructions or delimiters defined to separate the untrusted search results from the system instructions or to warn the agent to ignore instructions embedded in that data.
- Capability inventory: The skill is designed to guide the agent in using web search tools to provide updated technical recommendations.
- Sanitization: No mechanisms for sanitizing, filtering, or validating the content of the search results are described.
Audit Metadata