infra-code-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The README references an external installation source (github.com/yarlson/skills) not included in the trusted organizations list.
- [PROMPT_INJECTION] (LOW): Surface for Indirect Prompt Injection detected (Category 8). Evidence:
  1. Ingestion point: IaC files (mentioned in README).
  2. Boundary markers: Absent/Not specified.
  3. Capability inventory: Reviewing IAM policies, network exposure, and destructive changes.
  4. Sanitization: Absent/Not specified.