security-threat-model
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrustworthy repository data, which represents an inherent surface for indirect prompt injection.
- Ingestion points: The agent reads the root path and sub-paths of a user-specified repository (SKILL.md).
- Boundary markers: The skill employs a specialized system prompt in references/prompt-template.md that establishes a senior application security engineer persona with strict rules for grounding analysis in repository evidence.
- Capability inventory: The skill has the ability to execute searches via 'rg' and write analysis results to local Markdown files (SKILL.md, references/prompt-template.md).
- Sanitization: Explicit instructions are provided to redact any encountered secrets, such as tokens or passwords, before they are included in any output (references/prompt-template.md).
- [COMMAND_EXECUTION]: The instructions suggest using the 'rg' (ripgrep) command-line utility for codebase exploration. This is a standard component of the skill's analytical function and is consistent with its intended purpose.
Audit Metadata