deepinit

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill exhibits a high vulnerability to Indirect Prompt Injection (Category 8). It ingests untrusted data from the repository and uses it to populate sections titled 'For AI Agents', which serve as instructions for future agentic operations.
      • Ingestion points: In 'Step 3: Generate Level by Level', the skill reads all files in the directory. In 'Step 4: Compare and Update', it reads existing AGENTS.md content.
      • Boundary markers: It uses '' tags to preserve sections, but it lacks specific delimiters or 'ignore embedded instructions' warnings when summarizing source code into instructions.
      • Capability inventory: The skill can write files (AGENTS.md) across the entire directory structure and spawn sub-agents ('explore', 'architect-low', 'writer').
      • Sanitization: No sanitization or escaping of the content read from the codebase is mentioned before it is interpolated into the 'For AI Agents' sections.
  • [COMMAND_EXECUTION] (LOW): The skill utilizes local shell commands for validation and discovery.
      • Evidence: The validation script pattern uses 'find . -name "AGENTS.md" -type f' and 'grep -r "<!-- Parent:"'. These are standard, low-risk operations within the context of the repository.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 11:48 AM