ln-629-lifecycle-auditor
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's primary function is to analyze untrusted source code from a target project, which creates a surface for indirect prompt injection. Maliciously crafted comments or code in the audited project could attempt to influence the agent's behavior during the audit process.
- Ingestion points: Target project source files, Dockerfiles, and Kubernetes manifests read during the Layer 1 and Layer 2 analysis phases (SKILL.md).
- Boundary markers: Absent. The instructions do not define specific delimiters or instructions to isolate the untrusted code content from the agent's instruction context.
- Capability inventory: The skill is authorized to use Bash, Read, Grep, Glob, and several MCP-based semantic analysis tools (hex-line, hex-graph).
- Sanitization: Absent. Source code content is parsed and analyzed directly to produce findings and reports.
Audit Metadata