landscape-discovery-audit
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a significant Indirect Prompt Injection surface. It is designed to read and process external project data (
substrate-context.mdand all files discovered during the asset inventory) using powerful tools likeBash. If any of the files in the audit environment contain malicious instructions, the agent could be manipulated into executing them.\n - Ingestion points: The skill reads
substrate-context.mdfrom the working directory and is instructed to perform a recursive, exhaustive inventory of all individual files (leaves) in the substrate.\n - Boundary markers: Absent. There are no instructions or delimiters provided to ensure the agent treats the discovered content as data only or ignores embedded commands.\n
- Capability inventory: The skill is granted
Bash,Read,Write,Edit,Glob, andGreppermissions, which allow for full system interaction and file modification.\n - Sanitization: None. The instructions do not include steps to validate, escape, or sanitize the content of the files it reads before incorporating them into its internal reasoning or using them to generate the final
phase-1-landscape-report.md.
Audit Metadata