discovery
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from the repository being analyzed through Read, Grep, and Glob operations. This creates a surface for indirect prompt injection where malicious content in repository files could attempt to influence the agent's reasoning process.
  - Ingestion points: The agent is instructed to read file content from paths like README* and docs/**, and to perform repository-wide searches using Grep.
  - Boundary markers: The instructions do not define explicit boundary markers or directions to ignore embedded commands within the processed files.
  - Capability inventory: The agent has access to Bash (restricted to git and beads commands), Grep, and Glob to retrieve and report on information.
  - Sanitization: No process is described for sanitizing or validating the contents of the files discovered during the discovery phase.
Audit Metadata