dry
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted source code from a user's repository and presents it to the agent for analysis and refactoring, which constitutes a surface for indirect prompt injection.\n
- Ingestion points: Source code content is ingested by the agent during Phase 2 (Review) after being identified by the
scripts/dry_check.pytool.\n - Boundary markers: There are no explicit delimiters or instructions to the agent to disregard instructions potentially embedded within the code blocks or comments being analyzed.\n
- Capability inventory: The agent is authorized to perform file-write operations to refactor the codebase in Phase 4 and is instructed to run tests which involves subprocess execution.\n
- Sanitization: Function names, variable names, and code bodies are processed and presented in the agent's context without sanitization to strip or escape potential prompt injection strings.
Audit Metadata