find-duplicate-ownership
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of auditing untrusted codebase content without adequate isolation between data and instructions.
  - Ingestion points: Source code files across various layers (frontend, backend, persistence) as referenced in SKILL.md and audit-prompts.md.
  - Boundary markers: Absent; the instructions do not require the use of delimiters or 'ignore embedded instructions' warnings when the agent reads file content.
  - Capability inventory: Read-only file system access for exploration agents; the 'SSOT judge' agent generates architectural verdicts and cleanup plans (delete, keep, rename) based on ingested content.
  - Sanitization: None; there is no evidence of escaping, validation, or filtering of the code content before it is processed by the model.
Audit Metadata