gen-milestones
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data to generate milestone configurations.
- Ingestion points: Reads content from user-specified document paths, CLAUDE.md, and files within the docs/ directory.
- Boundary markers: No explicit markers are defined to isolate external file content from the agent's instructions.
- Capability inventory: The skill writes to milestones.json and executes shell commands such as mv and git. It populates a verification field with commands derived from local documentation.
- Sanitization: No sanitization or validation of the extracted commands is present before they are written to the output file.
Audit Metadata