understand-chat
Pass
Audited by Gen Agent Trust Hub on May 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill utilizes a knowledge graph file (.understand-anything/knowledge-graph.json) which summarizes project code. This creates a surface for indirect prompt injection, as an attacker could place instructions within code comments that are subsequently summarized and read by the agent.\n
- Ingestion points: .understand-anything/knowledge-graph.json (referenced throughout instructions)\n
- Boundary markers: Absent; no specific delimiters or warnings are provided to the agent to treat the graph content as untrusted data.\n
- Capability inventory: grep (shell search) and read_file (implicit in context instructions).\n
- Sanitization: None; the skill reads and processes keywords directly from the file without validation.
Audit Metadata