agent-sort
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it analyzes untrusted content from the repository to make installation and classification decisions.
  - Ingestion points: Reads files using `rg` and `cat`, including `package.json`, `pyproject.toml`, and general source code files to establish the project stack.
  - Boundary markers: The instructions lack explicit boundary markers or directions to ignore instructions embedded within the data it reads, although it mandates citing concrete evidence for decisions.
  - Capability inventory: The skill has the capability to execute shell commands (`rg`, `cat`) and perform file-system modifications, specifically installing components into the `.claude/skills/` directory.
  - Sanitization: No sanitization or validation of the repository content is specified before the agent processes it to generate the install plan.
Audit Metadata