project-alignment-validation
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The content consists of legitimate instructional patterns for project management. No bypass markers, role-play injections, or system prompt extraction attempts were detected.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or sensitive system paths (e.g., .ssh, .aws) are present. The skill does not perform network operations or data exfiltration.
- Unverifiable Dependencies & Remote Code (SAFE): The skill does not include any package installation commands or remote script downloads. While it references internal integration points like 'validate_project_alignment.py', no code is provided or executed by the skill itself.
- Obfuscation (SAFE): No Base64, zero-width characters, or other encoding techniques were found.
- Indirect Prompt Injection (LOW): The skill is designed to ingest and process documentation files like 'PROJECT.md'. While this represents a surface for indirect injection if the files are attacker-controlled, the skill is limited to read-only tools (Read, Grep, Glob) and lacks the execution or network capabilities required to escalate such an injection.
- Privilege Escalation & Persistence (SAFE): No commands for elevating permissions or maintaining persistence (e.g., sudo, crontab, shell profiles) are included.
Audit Metadata