vulnerability-validation
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from security-findings.json and .factory/threat-model.md which presents an indirect prompt injection surface. Ingestion points: security-findings.json and .factory/threat-model.md (SKILL.md). Boundary markers: The instructions do not define delimiters or specific markers to distinguish between the agent's core logic and the data from findings files. Capability inventory: The skill utilizes file system read/write operations and shell commands (cat, jq) for verification of the JSON output (SKILL.md). Sanitization: There is no evidence of input validation or escaping for the data read from findings files before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill instructions specify the use of shell commands cat and jq to verify the structure and validity of the generated output. While these are common utilities, they operate on data derived from potentially untrusted external findings.
Audit Metadata