global-config
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The instructions focus on interaction style, language policy, and routing logic. There are no attempts to bypass safety filters or ignore system instructions.
- Data Exposure & Exfiltration (SAFE): The skill identifies local project files (e.g., package.json, tsconfig.json) to detect technology stacks. This is a standard functional behavior with no evidence of sensitive data being transmitted externally.
- Indirect Prompt Injection (LOW): The skill reads data from untrusted local files like .agents/CONTEXT.md.
  1. Ingestion points: package.json, tsconfig.json, .agents/CONTEXT.md, GEMINI.md, next.config., vite.config., nest-cli.json.
  2. Boundary markers: None.
  3. Capability inventory: File read (for context detection), File write (to .agents/skills/local/).
  4. Sanitization: None mentioned.

  The risk is low as the data is used for stack inference rather than execution.
- Persistence Mechanisms (SAFE): The 'Local Skill Capture' feature writes project-specific guidance to a local directory. This is an intended feature for agent workflow persistence and does not target system startup or user shell profiles.
Audit Metadata