tomtom-maps-sdk-js-contribution

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill serves as a project orientation guide and uses local file system tools (Read, Glob) to navigate documentation. No unauthorized network requests, remote code execution, or credential access patterns were detected.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the agent to read and summarize documentation files (AGENTS.md) from the repository, which could potentially contain untrusted instructions if the source repository were compromised.
    • Ingestion points: Multiple documentation files (AGENTS.md) across the project root and package directories (e.g., core/, map/, services/).
    • Boundary markers: Absent; the skill does not instruct the agent to distinguish between documentation content and system instructions.
    • Capability inventory: Access to Read and Glob tools for file system interaction.
    • Sanitization: No sanitization or content validation is applied to the ingested documentation content.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 10:28 AM