ultra-prompt
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from the repository being audited (source code, documentation, and user requests) to generate its output, creating a surface for indirect prompt injection.
- Ingestion points: Ingests repository content in
SKILL.md(Workflow Step 2) andreference/AUDIT_AGENTS.md(Agent 2 and 3). - Boundary markers: The audit phase lacks explicit delimiters for untrusted content, though the final output follows a structured template in
reference/PROMPT_TEMPLATE.md. - Capability inventory: The skill requires filesystem read access to perform audits and can spawn subagents to process findings.
- Sanitization: The skill includes a 'Correctness gate' in
reference/OUTPUT_SCHEMA.mdto verify that findings are grounded in the repository and match the original user intent.
Audit Metadata