Skills
skills/whynowlab/stack-skills/deep-dive-analyzer/Gen Agent Trust Hub

deep-dive-analyzer

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because its core purpose involves processing and analyzing untrusted content from files and system architectures.
  • Ingestion points: The skill ingests external data using the Read, Grep, Glob, and Bash tools during its analysis phases.
  • Boundary markers: There are no explicit instructions or delimiters provided to ensure the agent ignores or isolates instructions that might be embedded within the files or systems it is analyzing.
  • Capability inventory: The skill has access to powerful tools including Bash, Read, Grep, Glob, and Agent, which could be exploited if an injection is successful.
  • Sanitization: The instructions do not include steps for sanitizing, escaping, or validating the content of the analyzed files before they are processed by the agent.
  • [COMMAND_EXECUTION]: The skill is configured to use the Bash tool to perform technical deconstruction. While necessary for its stated purpose of 'System Analysis', this allows for the execution of arbitrary shell commands on the host environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 12:38 PM