specs-explore
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns such as direct prompt injection, credential exfiltration, or persistence mechanisms were detected in the skill instructions or configuration.
- [COMMAND_EXECUTION]: The skill uses tools like Bash, Grep, and Glob for investigative purposes. The instructions guide the agent to use these tools solely for reading code and identifying patterns to facilitate architectural analysis.
- [PROMPT_INJECTION]: The skill involves reading content from the codebase, which constitutes an indirect prompt injection surface.
  - Ingestion points: Untrusted data enters the context through the Read, Grep, and Glob tools while scanning the codebase.
  - Boundary markers: There are no explicit delimiters or instructions provided to distinguish between codebase content and system instructions.
  - Capability inventory: The agent has access to the Write, Edit, Bash, and TodoWrite tools.
  - Sanitization: No sanitization or validation of the ingested code content is performed.
  - Mitigation: The risk is mitigated by an explicit rule stating 'DO NOT modify any existing code or files', which restricts the agent's ability to act on any malicious instructions found within the code being analyzed.
Audit Metadata