auditor-quiz
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from repository files.
  - Ingestion points: Documentation and source code files (including .md, .sol, and .rs files) accessed via glob patterns.
  - Boundary markers: The instructions lack explicit delimiters or instructions to ignore embedded commands within the analyzed files.
  - Capability inventory: The skill can read local files and maintain a conversational state but has no access to terminal execution (bash), network requests (curl/wget), or file system writes.
  - Sanitization: There is no evidence of sanitization or filtering applied to the text extracted from source files before it is used for quiz generation.
Audit Metadata