explore-pipeline
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection: it instructs the agent to read and adhere to instructions contained in the repository files it explores, specifically calling out the repository's CLAUDE.md file.
  - Ingestion points: The skill utilizes the Read, Grep, and Bash tools to ingest data from repository files during the Scan and Analyze phases.
  - Boundary markers: The instructions do not define delimiters or provide specific prompts to the agent to ignore or isolate instructions found within the ingested file content.
  - Capability inventory: The skill utilizes Bash, Write, and Task tools to execute its logic and save report artifacts.
  - Sanitization: No sanitization or validation of the content read from the repository is performed before the agent processes it.
- [COMMAND_EXECUTION]: The skill uses Bash and the Task tool to perform systematic repository scanning, including directory listing and entry point detection.
- [EXTERNAL_DOWNLOADS]: The skill's source hierarchy for research uses external tools such as WebFetch and WebSearch to retrieve information about framework conventions and library documentation.
Audit Metadata