rp-investigate-v2

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates deep codebase investigation by ingesting and synthesizing data from workspace files. This architecture creates an indirect prompt injection surface where malicious instructions hidden in the files being analyzed (e.g., in source code comments or documentation) could attempt to influence the orchestration agent or sub-agents.\n
  • Ingestion points: Investigation inputs via $ARGUMENTS and workspace file contents processed by context_builder, oracle_send, and sub-agents (code_mapper, investigation_lead).\n
  • Boundary markers: Uses structured prompts with XML-style delimiters (e.g., <task>, <context>) to separate instructions from investigated content.\n
  • Capability inventory: Full file system read access, file creation (reports), git command execution (blame, log, diff), autonomous sub-agent spawning, and external web research capability via docs_researcher.\n
  • Sanitization: No explicit sanitization, escaping, or filtering of content retrieved from the workspace is described in the protocol before it is presented to the LLM-based tools.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 07:49 PM
Security Audit — agent-trust-hub — rp-investigate-v2