requirement
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, hidden code, or unauthorized network operations were detected. The skill is purely informational and template-driven.
- [DATA_EXPOSURE]: The skill reads project-level configuration files such as
CONTRIBUTING.mdand.github/ISSUE_TEMPLATE/to adapt its templates to the project's language and standards. This is a standard localized operation with no evidence of exfiltration. - [PROMPT_INJECTION]: An indirect prompt injection surface exists via the feature description input in
SKILL.md. Evidence chain: 1. Ingestion point: User-supplied argument for the/requirementcommand. 2. Boundary markers: None explicitly defined in the instructions. 3. Capability inventory: Limited toRead,Write, andGreptools. 4. Sanitization: Not explicitly present. Despite the surface, the risk is negligible as the skill only uses this data for documentation generation and does not perform high-risk operations like shell execution.
Audit Metadata