code-audit

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection. It systematically ingests data from untrusted sources within the repository, including documentation files, source code comments, and git commit history, to build an 'Intent Brief'. Malicious actors could embed instructions within these sources to manipulate the audit's findings or the agent's subsequent actions.
  • Ingestion points: Files like SKILL.md (Step 3), references/intent-discovery.md (Documentation Scanner, Code Intent Scanner, History Scanner) define how the agent reads documentation, code comments, and git logs.
  • Boundary markers: The instructions lack requirements for using delimiters or explicit warnings to the agent to ignore instructions embedded in the analyzed data.
  • Capability inventory: The skill performs file reads across the project, executes git commands, and writes a Markdown report to the filesystem.
  • Sanitization: The workflow does not specify any sanitization or validation of the ingested content before it is used for analysis.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 08:37 PM