audit
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected in the instructions. The skill is purely diagnostic and provides a template for generating reports based on technical best practices.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) as it is designed to ingest and analyze external code or component data.
  - Ingestion points: The skill processes code and implementation details for the provided "area (feature, page, component...)".
  - Boundary markers: No explicit XML delimiters or ignore-instructions warnings are defined for the data being audited.
  - Capability inventory: The skill only generates a markdown report and recommends (but does not execute) further commands like /optimize or /harden.
  - Sanitization: There is no mention of sanitizing or escaping the content being audited before it is processed by the agent.
  - Risk Assessment: Since the skill's primary output is a text-based report and it explicitly instructs the agent "Don't fix issues — document them", the risk of an attacker-controlled code snippet triggering unauthorized actions is minimal.