qual
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill analyzes untrusted source code provided by the user, creating a surface for indirect prompt injection attacks.
- Ingestion points: File content is read via Read and Grep tools (SKILL.md, agents/silent-failure.md).
- Boundary markers: Absent; the instructions do not specify the use of delimiters or warnings to ignore embedded instructions when passing file content to specialist agents.
- Capability inventory: The skill can execute Bash commands and has the ability to modify project files (SKILL.md).
- Sanitization: Absent; there is no mention of escaping or filtering external code content before analysis.
- [COMMAND_EXECUTION]: The skill utilizes Bash for git operations. The specialist agents are explicitly restricted to read-only operations and git-specific commands, which reduces the potential attack surface for arbitrary command execution.
Audit Metadata