use-conductor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill instructs the agent to read and follow instructions found in external files within the conductor/ directory, such as product-guidelines.md and workflow.md.
- Ingestion points: Files within the conductor/ directory (e.g., product.md, workflow.md, spec.md).
- Boundary markers: Absent; the skill does not define delimiters to separate instructions from untrusted data.
- Capability inventory: Reading local files and modifying project status files.
- Sanitization: Absent; the agent is expected to obey instructions found in these files as project guidelines.
Audit Metadata