regex-tester
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via the processing of untrusted regular expression patterns and target text.
- Ingestion points: The scripts/regex.js tool accepts external input through the --pattern and --text arguments.
- Boundary markers: The script does not utilize delimiters or specific instructions to prevent the regex engine from being overwhelmed by malicious patterns.
- Capability inventory: The script performs regex matching (exec), validation (new RegExp), and replacement (replace). It does not have access to the file system, network, or other sensitive capabilities.
- Sanitization: No sanitization is performed on the input pattern to detect or prevent 'catastrophic backtracking' patterns which could cause a denial-of-service condition (ReDoS).
Audit Metadata