product-tracking-business-case
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection as it processes data from local files and the project's source code to generate its output.
  - Ingestion points: The agent is instructed to read '.telemetry/product.md' and perform a codebase scan to inventory existing instrumentation.
  - Boundary markers: The instructions do not define any specific delimiters or 'ignore' commands to prevent the agent from being influenced by instructions that might be embedded in the files it reads.
  - Capability inventory: The skill possesses the capability to write the resulting document to the '.telemetry/business-case.md' file on the local filesystem.
  - Sanitization: There are no mentioned mechanisms for sanitizing, validating, or filtering the content retrieved from the codebase or configuration files before processing.
Audit Metadata