tahr-verify-security-fix

Pass

Audited by Gen Agent Trust Hub on Jul 15, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to process untrusted security finding data and code patches without explicit boundary markers. This creates an indirect prompt injection surface where malicious instructions within a security report could manipulate the agent's behavior during the verification or remediation process.
  • Ingestion points: Security finding ID, claim, evidence, and patch content (SKILL.md).
  • Boundary markers: Not explicitly defined for external data.
  • Capability inventory: Execute shell commands for testing and edit repository files for remediation (SKILL.md).
  • Sanitization: Mandates credential redaction but lacks sanitization for report content.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 15, 2026, 02:59 PM