irify-sast
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect prompt injection because it reads and analyzes external source code.
  1. Ingestion points: The Read, Glob, Grep, and ssa_compile tools as specified in SKILL.md.
  2. Boundary markers: None specified in the skill body.
  3. Capability inventory: Capabilities are limited to file system reading and static analysis tools (mcp__yaklang-ssa__ssa_compile, mcp__yaklang-ssa__ssa_query).
  4. Sanitization: No sanitization methods are documented for the analyzed source code.
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill requires the installation and configuration of the yak CLI tool to run the MCP server. This is a vendor-provided tool from the author yaklang and represents expected functionality.
Audit Metadata