landscape-discovery-audit

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a significant Indirect Prompt Injection surface. It is designed to read and process external project data (substrate-context.md and all files discovered during the asset inventory) using powerful tools like Bash. If any of the files in the audit environment contain malicious instructions, the agent could be manipulated into executing them.\n
  • Ingestion points: The skill reads substrate-context.md from the working directory and is instructed to perform a recursive, exhaustive inventory of all individual files (leaves) in the substrate.\n
  • Boundary markers: Absent. There are no instructions or delimiters provided to ensure the agent treats the discovered content as data only or ignores embedded commands.\n
  • Capability inventory: The skill is granted Bash, Read, Write, Edit, Glob, and Grep permissions, which allow for full system interaction and file modification.\n
  • Sanitization: None. The instructions do not include steps to validate, escape, or sanitize the content of the files it reads before incorporating them into its internal reasoning or using them to generate the final phase-1-landscape-report.md.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 12:03 PM
Security Audit — agent-trust-hub — landscape-discovery-audit