engineering-mentor
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill interacts with the local filesystem outside of the project scope, specifically reading and writing a user profile to ~/.claude/engineer-profile/profile.md. Accessing hidden directories within the user's home directory is a sensitive operation.
- [INDIRECT_PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its persistent user profile.
  - Ingestion points: Collection of the user's name and experience level during initial onboarding in SKILL.md.
  - Boundary markers: No specific delimiters or 'ignore' instructions are used when writing to or reading from the profile markdown file.
  - Capability inventory: Extensive file-writing capabilities across multiple files (profile.md, learning-ledger.md, .mentor-checkpoint.json) and invocation of the software-forge orchestrator.
  - Sanitization: No input validation or output escaping is documented for the handled user data.
- [PROMPT_INJECTION]: The skill includes defensive measures against accidental execution of dangerous commands. It defines a 'Critical Gate' for operations involving security configurations, data deletion, or cost commitments, which explicitly requires an unambiguous user affirmation ('I understand and approve') before proceeding.
Audit Metadata