tahr-verify-security-fix
Pass
Audited by Gen Agent Trust Hub on Jul 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process untrusted security finding data and code patches without explicit boundary markers. This creates an indirect prompt injection surface where malicious instructions within a security report could manipulate the agent's behavior during the verification or remediation process.
- Ingestion points: Security finding ID, claim, evidence, and patch content (SKILL.md).
- Boundary markers: Not explicitly defined for external data.
- Capability inventory: Execute shell commands for testing and edit repository files for remediation (SKILL.md).
- Sanitization: Mandates credential redaction but lacks sanitization for report content.
Audit Metadata