Skills
skills/whynowlab/swing-skills/swing-mortem/Gen Agent Trust Hub

swing-mortem

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to process external project data. \n
  • Ingestion points: In Phase 1, the agent is instructed to read external project files, architecture documents, and project plans to provide context for the analysis (SKILL.md). \n
  • Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when reading this external data. \n
  • Capability inventory: The skill uses Read, Grep, Glob, Bash, and Agent tools to interact with the environment. \n
  • Sanitization: There is no evidence of content sanitization or validation of the data read from the files. \n- [DATA_EXFILTRATION]: To ground the failure scenarios, the skill instructs the agent to read relevant project files and documentation. This poses a risk of data exposure if the agent inadvertently reads and processes files containing sensitive information, such as .env files or hardcoded credentials, during the context-gathering phase. \n- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to examine project artifacts and environments. While this is standard for developer-oriented tools, the availability of a shell interface increases the potential impact of an indirect prompt injection attack derived from malicious project files.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 23, 2026, 11:22 PM
Security Audit — agent-trust-hub — swing-mortem