code
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill retrieves engineering patterns and procedures from the `harness_code` tool provided by the Ejentum MCP server. This is a functional dependency consistent with the skill's stated purpose.
- [SAFE]: Authentication is managed via the `EJENTUM_API_KEY` environment variable, which is a standard security practice for protecting API secrets and avoids hardcoding credentials.
- [SAFE]: All external domain references (ejentum.com) and associated tools (ejentum-mcp) are vendor resources belonging to the skill's author.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates external, unvalidated data from a tool response into the agent's internal reasoning and output generation.
  - Ingestion points: The output of the `harness_code` tool from the `ejentum` MCP server (SKILL.md).
  - Boundary markers: The skill lacks explicit boundary markers or "ignore nested instructions" directives for the tool output, though it does instruct the agent to "absorb internally" and apply specific bracketed failure patterns.
  - Capability inventory: The skill is triggered during high-privilege operations such as code generation, refactoring, architectural planning, and debugging. Malicious instructions returned by the external service could lead to the introduction of vulnerabilities or backdoors into the user's codebase.
  - Sanitization: No sanitization, schema validation, or content filtering is performed on the data returned from the external API before it is applied to the coding task.
Audit Metadata