production-hardening
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill performs audits on external codebases, creating a surface for indirect prompt injection. Malicious instructions or adversarial comments embedded within the audited source code could potentially attempt to hijack the agent's behavior during the implementation of hardening fixes.
- Ingestion points: Reads codebase files including
package.json, source code (.ts, .py, .go, .rs), IaC templates (sst.config.ts, serverless.yml, cdk.json), and environment variables usingRead,Glob, andGreptools. - Boundary markers: None identified; the skill does not provide specific delimiters or instructions to treat audited code as untrusted data that should not be followed as instructions.
- Capability inventory: The skill has broad capabilities including
Write,Edit, andBashaccess (specificallynpm,pnpm, andnode), which could be misdirected if an injection is successful. - Sanitization: There is no evidence of sanitization or filtering of the ingested code content before it is processed by the agent.
- [SAFE]: The skill follows security best practices by recommending well-known, high-adoption libraries (e.g.,
cockatiel,tenacity) and official vendor tools (e.g.,@aws-lambda-powertools). It correctly identifies and rejects stale or unproven libraries and provides secure guidance on credential management, such as using OIDC for AWS authentication instead of static keys.
Audit Metadata