antithesis-research
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from the target codebase, issue trackers, and user-provided external documentation, creating an indirect prompt injection surface.\n
- Ingestion points: The agents read and analyze arbitrary files from the repository, as well as external URLs and documents provided during the scoping phase (
SKILL.md,references/sut-discovery.md).\n - Boundary markers: The instructions do not define specific delimiters or "ignore embedded instructions" warnings to the agents when they are analyzing external content, which could allow instructions hidden in the data to influence agent behavior.\n
- Capability inventory: The agents have the capability to read any file in the repository and write research findings to the
antithesis/scratchbook/directory.\n - Sanitization: There is no mention of sanitization or validation of the external content before it is interpolated into prompts and processed by the AI models.
Audit Metadata