sage
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill includes documentation on LLM security (e.g., in domains/ai/llm-security.md) that lists prompt injection and jailbreak techniques like 'DAN'. These references are strictly for educational purposes and defensive guidance, not active attempts to subvert the agent.
- [COMMAND_EXECUTION]: The skill contains several Node.js scripts (quality_checker.js, module_scanner.js, change_analyzer.js, security_scanner.js, doc_generator.js) that use standard system utilities (like git) and file operations to audit projects and generate reports. These actions are consistent with the skill's primary purpose.
- [INDIRECT_PROMPT_INJECTION]: The auditing and documentation tools ingest untrusted project data, creating a potential surface for indirect prompt injection.
  - Ingestion points: Scripts such as doc_generator.js and security_scanner.js read local project files.
  - Boundary markers: The generated reports and README files do not use explicit boundary markers to isolate user-supplied content.
  - Capability inventory: The agent can read/write files and execute shell commands.
  - Sanitization: The tool's focus is on regex analysis rather than on sanitizing the input that ends up in the generated output.
  - Risk: Although a surface exists, it is inherent to the tool's auditing function, and the overall risk is minimal due to the localized nature of the operations.
Audit Metadata