production-check
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute
rg(ripgrep) commands to perform static analysis of the local project directory. These commands are used to detect hardcoded secrets, dangerous functions (likeshell=Trueoreval()), and configuration errors (likeDEBUG=True). These operations are performed locally and are consistent with the skill's stated purpose. - [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted data from the user's project files, which introduces a surface for indirect prompt injection.
- Ingestion points: The skill scans the entire project structure, including source code files (.py, .js, .go, .java), configuration files (.env, .yaml, .json), and infrastructure manifests (Dockerfile, Kubernetes manifests).
- Boundary markers: The instructions do not specify the use of boundary markers or clear delimiters to separate untrusted file content from the agent's internal reasoning or audit logic.
- Capability inventory: The skill has the capability to read files across the project directory and execute shell commands (
rg) to search through them. - Sanitization: There is no evidence of sanitization or escaping mechanisms applied to the content read from files before it is analyzed or included in the final audit report.
Audit Metadata