audit-security
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external code to perform security audits, creating a vulnerability surface for indirect prompt injection.
  - Ingestion points: Processes code, API routes, controllers, and configuration files provided for analysis.
  - Boundary markers: Lacks instructions for the agent to use protective delimiters or specific 'ignore embedded instructions' warnings for the input content.
  - Capability inventory: Encourages 'Auto-fix' operations, which involve file-system writes to the user's codebase.
  - Sanitization: Does not specify validation or sanitization requirements for the code being ingested prior to analysis.
Audit Metadata