code-auditing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill's architecture presents a surface for indirect prompt injection as it processes external source code and possesses the authority to perform file-system modifications.
- Ingestion points: Source code files processed during analysis in REVIEW, AUDIT, and SIMPLIFY modes.
- Boundary markers: Absent. The instructions do not define specific delimiters or directives to ignore embedded instructions within the processed code files.
- Capability inventory: Use of `replace_file_content` for file modification and `grep_search` for reading code patterns as described in SKILL.md and audit-guide.md.
- Sanitization: Absent. The skill does not specify any sanitization or validation logic for external content before it is used to influence code refactoring or auditing outputs.
Audit Metadata