ln-627-diagnosability-auditor
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implements a legitimate diagnostic audit workflow. It is restricted to reading codebase structures and writing findings to a designated output directory. The 'Do not auto-fix' rule explicitly prevents the agent from modifying the audited codebase.\n- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because its core function requires reading and verifying untrusted code from an external codebase.\n
- Ingestion points: The agent ingests data from the project under audit using
Read,Grep, andmcp__hex-line__read_filetools.\n - Boundary markers: The instructions do not define specific delimiters or 'ignore' directives to isolate the audited code content from the agent's logic.\n
- Capability inventory: The skill possesses
Bash,Write, andReadcapabilities, which are used to search the project and generate markdown/JSON artifacts.\n - Sanitization: No explicit sanitization or filtering of the audited code is specified before the agent performs context verification.
Audit Metadata