audit-full

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute an internal script (scripts/estimate-tokens.sh) that estimates the line count and token budget for the audit. This script uses standard utilities such as find, wc, and awk. The execution is restricted to counting files and does not involve network operations or privilege escalation.
  • [PROMPT_INJECTION]: The skill identifies an attack surface for indirect prompt injection (Category 8) due to its core functionality of reading and processing the full content of untrusted repositories.
      • Ingestion points: The agent reads the entire codebase using the Read, Glob, and Grep tools, as specified in SKILL.md and the loading strategy in references/report-structure.md.
      • Boundary markers: Although the skill organizes work into tasks, it does not explicitly use isolated delimiters or instructions to prevent content within the audited files from being interpreted as agent commands.
      • Capability inventory: The agent has access to powerful tools, including Bash, Read, and TaskCreate, which could be targeted by instructions hidden in a malicious repository.
      • Sanitization: There is no pre-processing or sanitization identified that would strip instructions or delimiters from the audited files before the model processes them.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 07:50 PM