copilot
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill analyzes and modifies untrusted code provided by users, creating a surface for indirect prompt injection. A malicious actor could embed instructions within code comments or strings that the agent might follow during review.\n
- Ingestion points: User-provided source code files and Jupyter notebooks (SKILL.md).\n
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are specified for input ingestion.\n
- Capability inventory: The skill has permissions to use Read and Edit tools, allowing file system modifications based on processed data (SKILL.md).\n
- Sanitization: Input code is not sanitized or validated for embedded instructions before analysis.\n- [NO_CODE]: The skill does not include any executable scripts or binary files, consisting entirely of instructional markdown and reference documentation. This reduces the direct attack surface of the skill itself.
Audit Metadata