drift-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from documentation and GitHub metadata which presents a surface for indirect prompt injection.
- Ingestion points: GitHub issues, pull requests, and documentation files (README.md, PLAN.md, CLAUDE.md) are read via the collectors.js module.
- Boundary markers: The provided templates do not specify the use of delimiters or instructions to ignore embedded directives in the ingested content.
- Capability inventory: Analysis is limited to state comparison and report generation; no dangerous capabilities like arbitrary command execution or network exfiltration are present in the defined logic.
- Sanitization: No evidence of sanitization or content filtering for the ingested data is described.
Audit Metadata