security-threat-model
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and summarize external repository content. Malicious instructions placed in a codebase (such as in README files, documentation, or code comments) could manipulate the AI agent's assessment or cause it to ignore security flaws. \n
- Ingestion points: Repository files read via exploration tools as described in
references/prompt-template.md(Repository summary prompt section). \n - Boundary markers: Absent. The prompt template lacks explicit delimiters or specific instructions to treat repository content as untrusted data that should not be interpreted as instructions. \n
- Capability inventory: Reading repository files and writing a new markdown report to the local file system. \n
- Sanitization: The skill includes a specific security hygiene directive in
references/prompt-template.mdto redact any secrets, tokens, or passwords found during analysis.
Audit Metadata