ln-645-open-source-replacer
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill's primary workflow involves extracting logic summaries and 'goals' from custom project files and sending them to external search engines (WebSearch, Context7, Ref). While this is necessary for finding replacements, it exposes high-level descriptions of proprietary implementation logic to third-party services.
- [PROMPT_INJECTION]: The skill ingests and processes untrusted data from the codebase root during Phase 1 (Discovery) and Phase 2 (Goal Extraction). This creates a surface for indirect prompt injection, as malicious instructions embedded in code comments or files could attempt to manipulate the agent's classification or summary results.
- Ingestion points: Files found via Glob and Read tools in the codebase_root (SKILL.md).
- Boundary markers: Absent. The instructions do not specify delimiters or 'ignore' commands for the content read from files.
- Capability inventory: Use of WebSearch, WebFetch, Read, Grep, and Bash (for wc and grep operations).
- Sanitization: Absent. Summaries are generated based on direct interpretation of file content.
Audit Metadata