apply-findings
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes findings from the conversation context to perform file modifications.
- Ingestion points: Findings are collected from the conversation context, which may contain data from untrusted sources (SKILL.md, Step 1).
- Boundary markers: The skill requires findings to have been evaluated via the
/evaluate-findingscommand before application, serving as a functional boundary (SKILL.md, Step 1). - Capability inventory: The skill is capable of reading files and writing code changes to the local file system (SKILL.md, Step 2).
- Sanitization: The skill performs a verification to see if the code still matches the finding, but does not sanitize or escape the content of the 'fix' before writing it to the file.
- [COMMAND_EXECUTION]: The skill performs automated file system modifications ('Make the fix') which, while intended, can be exploited if the instructions for the fix are manipulated (SKILL.md, Step 2).
Audit Metadata