tech-impl-doc
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- Indirect Prompt Injection (INFO): The skill is designed to process external documents and source code to generate reports. Ingestion points: Workflow steps 2 and 3 in SKILL.md (scanning docs and source code). Boundary markers: Absent. Capability inventory: Limited to text and Mermaid diagram generation for display only; no file-write, network, or subprocess capabilities identified. Sanitization: Absent. While an ingestion surface exists, the lack of dangerous capabilities makes the risk negligible.- Prompt Injection (SAFE): The instructions focus on formatting, audience appropriateness, and structural requirements. No attempts to override agent safety constraints or core instructions were detected.- Data Exposure (SAFE): The instructions to read source code are limited to the agent's provided context for the purpose of documentation and do not include commands for unauthorized exfiltration or exposure of sensitive files.
Audit Metadata