coverage
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted local project files, which creates an indirect prompt injection surface. Ingestion points: Application source code (Next.js, React, Vue) and test files (*.spec.ts, *.spec.js). Boundary markers: None; the instructions do not specify any delimiters or warnings to ignore instructions within the analyzed code. Capability inventory: The skill uses an 'Explore' subagent and the '/pw:generate' tool for automated code creation. Sanitization: No validation or sanitization of the file content is performed.
Audit Metadata