security-engineer

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
Findings flagged: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill includes a 'Prompt Injection Safety Notice' that instructs the agent to ignore instructions within analyzed content that conflict with the skill's methodology. This uses directive language to control the agent's behavior relative to other inputs.
  • [PROMPT_INJECTION]: The skill is designed to analyze untrusted data, creating a surface for indirect prompt injection.
    1. Ingestion points: File contents and tool outputs are processed during security reviews as described in SKILL.md.
    2. Boundary markers: The skill includes a 'Prompt Injection Safety Notice' instructing the agent to ignore malicious commands in input data.
    3. Capability inventory: The skill specifies the use of Read, Grep, and Glob tools for file inspection.
    4. Sanitization: There is no evidence of technical sanitization or escaping of external content before processing.
  • [EXTERNAL_DOWNLOADS]: The skill references documentation and frameworks from well-known security organizations including OWASP, NIST, CIS, and MITRE. These references to official industry standards are considered safe.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 4, 2026, 02:07 AM
Security Audit — agent-trust-hub — security-engineer