rp-investigate-v2
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates deep codebase investigation by ingesting and synthesizing data from workspace files. This architecture creates an indirect prompt injection surface where malicious instructions hidden in the files being analyzed (e.g., in source code comments or documentation) could attempt to influence the orchestration agent or sub-agents.\n
- Ingestion points: Investigation inputs via
$ARGUMENTSand workspace file contents processed bycontext_builder,oracle_send, and sub-agents (code_mapper,investigation_lead).\n - Boundary markers: Uses structured prompts with XML-style delimiters (e.g.,
<task>,<context>) to separate instructions from investigated content.\n - Capability inventory: Full file system read access, file creation (reports), git command execution (blame, log, diff), autonomous sub-agent spawning, and external web research capability via
docs_researcher.\n - Sanitization: No explicit sanitization, escaping, or filtering of content retrieved from the workspace is described in the protocol before it is presented to the LLM-based tools.
Audit Metadata