index
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill architecture instructs the agent to read and follow guidelines established in directory-specific files such as `_index.md` and `_prompt.md`. This behavior creates an indirect prompt injection vector.
- Ingestion points: File read operations on `_index.md`, `_index.yaml`, `_index.json`, and `_prompt.md` across project directories.
- Boundary markers: Absent. The instructions do not specify any delimiters or safety warnings for the agent when interpreting the content of these files.
- Capability inventory: The skill supports file system modifications and execution of project-defined scripts.
- Sanitization: Absent. No validation or sanitization of the guidelines found within the prompt files is described.
- [COMMAND_EXECUTION]: The documentation includes extensive examples of shell commands used to interact with the indexing system (e.g., `npm run index:validate`). If an agent executes these commands in a repository with malicious script definitions in `package.json`, it could lead to unauthorized code execution.
Audit Metadata