port-registry
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes data from untrusted sources without explicit boundary markers or sanitization.
- Ingestion points: Reads project configuration files such as package.json and vite.config.ts, as well as a local registry file at ~/.config/port-registry.json.
- Boundary markers: The instructions do not define delimiters or specific safety instructions to ignore embedded commands within the processed files.
- Capability inventory: The skill involves reading and writing configuration files on the local filesystem.
- Sanitization: No evidence of content validation or escaping is present for the data retrieved from the files.
Audit Metadata