telos-guardian
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill follows established patterns for project documentation and architectural analysis. Its core functionality involves structured user interviews and scanning the local file system for codebase patterns to provide alignment recommendations. These actions are confined to the local environment and are consistent with the skill's stated purpose.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting data from project files and the 'TELOS.md' document to inform its 'Assess' mode logic. While this is a common characteristic of analysis tools, it constitutes a theoretical entry point for malicious instructions. No evidence of active exploitation was found.\n
- Ingestion points: Local codebase (traversed in Mode B3) and 'TELOS.md' (read in Mode B1).\n
- Boundary markers: The skill does not define specific delimiters or instructions to treat ingested project data as untrusted or restricted.\n
- Capability inventory: The skill possesses local file system read/write capabilities and generates conversational output based on ingested project context.\n
- Sanitization: There is no explicit mechanism described to sanitize or filter codebase content before it is processed by the agent.
Audit Metadata