serena
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill's architecture creates a potential for indirect prompt injection by processing external source code files.
- Ingestion points: Code content is ingested through the find_symbol, search_for_pattern, and get_symbols_overview tools defined in references/tools.md.
- Boundary markers: The skill documentation lacks explicit boundary markers or instructions for the agent to ignore embedded commands within the files it reads.
- Capability inventory: The agent has the ability to perform significant codebase modifications via rename_symbol and replace_symbol_body, alongside persistent memory operations.
- Sanitization: There is no documentation regarding the sanitization of ingested data before it is processed or used to influence subsequent agent actions.
Audit Metadata