coder
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes arbitrary file content from a repository which could contain malicious instructions designed to influence the agent's behavior.
- Ingestion points: File content is ingested into the agent's context via
coder::read-fileandcoder::search(SKILL.md). - Boundary markers: The documentation does not describe the use of markers or delimiters to isolate untrusted file content from system instructions (SKILL.md).
- Capability inventory: The agent has extensive modification capabilities including
coder::create-file,coder::update-file,coder::delete-file, andcoder::move(SKILL.md). - Sanitization: No sanitization or validation mechanisms are mentioned to prevent the agent from acting on commands found within ingested files (SKILL.md).
Audit Metadata