mechanism-audit
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to process untrusted external data such as specifications, task plans, and operational contracts. If these files contain malicious instructions, they could attempt to influence the agent's audit verdict or reasoning process.
- Ingestion points: The skill reads from potentially untrusted files including AGENTS.md, CLAUDE.md, .agents/manifests, and various build/test specs.
- Boundary markers: The instructions do not define explicit boundary markers or delimiters (like XML tags or clear 'ignore embedded instructions' warnings) to isolate the data being audited from the agent's core logic.
- Capability inventory: The skill instructs the agent to write audit artifacts to the filesystem at '/mechanism-audit.md', which provides a channel for an attacker to influence the content of persistent project files.
- Sanitization: There is no mention of sanitizing or validating the contents of the ingested files before they are processed by the LLM.
Audit Metadata