intent-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill accesses local markdown files and a configuration file (~/.claude/settings.json).
- Evidence: The tool reads 'INTENT.md' files and a local settings file to determine reviewer names and auto-lock patterns.
- Context: This is the primary intended behavior for a local document management tool and does not involve network transmission.
- [Indirect Prompt Injection] (SAFE): The skill ingests untrusted data from local markdown files to display previews to the user.
- Ingestion points: Markdown sections from 'INTENT.md' files.
- Boundary markers: Not explicitly defined in the prompt template, but the content is presented within a user-facing question context.
- Capability inventory: File-write operations to update markdown metadata.
- Sanitization: None explicitly mentioned, but the human-in-the-loop (AskUserQuestion) serves as a primary control.
- [Command Execution] (SAFE): No arbitrary shell commands are executed. The documented logic uses standard file I/O for markdown manipulation.
Audit Metadata