deep-dive
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to read and interpret content from a local codebase, which is a vector for indirect prompt injection.\n
- Ingestion points: The 'deep research' operation reads files and analyzes code structure (SKILL.md).\n
- Boundary markers: The instructions do not define delimiters or provide warnings to the agent to ignore instructions embedded within the analyzed files.\n
- Capability inventory: The skill is restricted to reading local files and writing documentation to a local directory; it cannot execute commands or access the network.\n
- Sanitization: There is no evidence of filtering or validation of the content read from files.\n- [NO_CODE]: This skill consists of a single markdown file containing instructions and does not include any scripts, binaries, or configuration files.
Audit Metadata