agent-ready
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and analyzes untrusted project files.
- Ingestion points: Project files, project guidelines, and CI/CD configurations are read and processed by the agent.
- Boundary markers: The instructions lack explicit delimiters or warnings to ignore instructions embedded within the analyzed files.
- Capability inventory: The skill generates a structured report and makes recommendations, which could be influenced by malicious content in the source files.
- Sanitization: There is no evidence of sanitization or validation for the content of the files being analyzed.
Audit Metadata