explain-abap-code

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8).
      • Ingestion points: The agent ingests external, potentially untrusted data through SAPRead (Step 1) and SAPDiagnose (Step 3) while processing ABAP objects.
      • Boundary markers: The instructions do not define boundary markers or provide explicit warnings to the agent to ignore instructions embedded within the processed code or diagnostic findings.
      • Capability inventory: The skill allows the agent to perform network-based operations via the search and sap_notes_search tools (Step 4), which use data extracted from the ingested objects as query parameters.
      • Sanitization: There is no evidence of sanitization or validation of the content retrieved from the SAP system before it is used in subsequent tool calls or the final explanation.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 02:04 PM