investigate
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and acting upon untrusted data from external and local sources without explicit boundaries or sanitization.
- Ingestion points: The agent reads arbitrary codebase files, git logs, and external data via `WebSearch` and documentation queries (SKILL.md, Steps 2 & 3).
- Boundary markers: Absent. The instructions do not define delimiters or provide specific instructions to treat researched content as data rather than instructions.
- Capability inventory: The agent can modify files, execute tests, and invoke sub-agents (SKILL.md, Steps 2 & 5).
- Sanitization: No sanitization or validation of the gathered data is mentioned before it influences the proposed or applied code changes.
- [COMMAND_EXECUTION]: The skill uses commands to investigate the environment and verify fixes.
- Evidence: It executes `git log` to inspect history and runs "relevant tests" to verify proposed solutions (SKILL.md, Steps 2 & 5).